Situation Room insights from the Election Security Exchange

Situation Room: When a Teammate is the Risk Factor

Election offices are often encouraged to concentrate on guarding against external threats, but some of the most consequential risks can come from inside the organization.

An insider threat is any individual who misuses their legitimate access or specialized knowledge, whether intentionally or unintentionally, in ways that harm the election operation. Because elections rely on distributed teams of staff, vendors, contractors, and temporary workers, privileged access can be widespread, and the potential for harm exists.

In Mesa County, Colorado, shortly after the 2020 Presidential election, the county clerk used her authorized access to allow an unauthorized individual, using a false identity, into a secure election system environment during a voting system update. They turned off security cameras and then copied and published sensitive system data.

In Philadelphia, Pennsylvania, several years ago, two Board of Elections-designated poll workers, each in charge of a polling place, selected other poll workers they trusted and worked with them to add votes for certain candidates in return for payments from a campaign “fixer”. The votes were cast late in the day under the names of voters who had not shown up to vote. The scheme, which added up to hundreds of votes and involved a former Congressman with a bribery conviction, was exposed when a new City Commissioner (a member of the board that governs elections) insisted on a careful audit of ballot totals versus check-ins.

And each year, in one election office or another, an unintentional insider threat hits home. Exhausted staff skip the step of checking the list of reported results against the list of expected returns, and thus publish incomplete results as though they were complete.

The incident in Colorado resulted in criminal convictions, decertification of voting equipment, and long‑term operational and reputational damage. It also underscored a critical point: even senior officials can become insider threats, and authorized access alone is not a safeguard. Election offices should review their state laws, administrative rules, and local procedures to ensure they provide clear accountability and enforceable penalties for unauthorized access or disclosure.

The Philadelphia cases led to multiple convictions and prompted the office to pay closer attention to cross-checks, such as ballots vs. check-ins, that can seem perfunctory. These checks are equally effective at flagging intentional behavior and inadvertent error arising from complacency. It is crucial that someone “does the math” to maintain the integrity and accuracy of your office’s results.
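The two cross-checks described above (reported results against the list of expected returns, and ballots against check-ins) can be run as one routine pre-publication step. The following is an added illustration, not part of the original newsletter or of any election system's software; the precinct IDs, field names, and counts are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class PrecinctReturn:
    precinct: str
    check_ins: int      # voters signed in, per the pollbook
    ballots_cast: int   # ballots counted for that precinct

def reconcile(expected, returns, tolerance=0):
    """Return (precinct, issue) findings; an empty list means both checks pass."""
    findings = []
    seen = {}
    for r in returns:
        if r.precinct in seen:
            findings.append((r.precinct, "duplicate return"))
            continue
        seen[r.precinct] = r
    # Check 1: reported results vs. the list of expected returns.
    for p in sorted(set(expected) - set(seen)):
        findings.append((p, "expected return not reported"))
    for p in sorted(set(seen) - set(expected)):
        findings.append((p, "return from unexpected precinct"))
    # Check 2: ballots vs. check-ins, precinct by precinct.
    for p in sorted(set(seen) & set(expected)):
        diff = seen[p].ballots_cast - seen[p].check_ins
        if diff > tolerance:
            findings.append((p, f"{diff} more ballots than check-ins"))
        elif diff < -tolerance:
            findings.append((p, f"{-diff} more check-ins than ballots"))
    return findings

def safe_to_publish_as_complete(expected, returns):
    """Results are labeled complete only when no finding is outstanding."""
    return not reconcile(expected, returns)

# Constructed sample data: one precinct missing, two that do not balance.
EXPECTED = ["P-001", "P-002", "P-003", "P-004"]
RETURNS = [
    PrecinctReturn("P-001", 412, 412),
    PrecinctReturn("P-002", 388, 401),
    PrecinctReturn("P-003", 295, 293),
]

if __name__ == "__main__":
    for precinct, issue in reconcile(EXPECTED, RETURNS):
        print(f"{precinct}: {issue}")
    print("Publish as complete:", safe_to_publish_as_complete(EXPECTED, RETURNS))
```

Each finding is a prompt for a documented explanation by a second person, not a conclusion about cause; the same output flags a skipped step and a deliberate change alike.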

While malicious incidents draw headlines, complacent and unintentional insider threats are far more common. What may seem like harmless shortcuts, such as skipping badge-in procedures or making one-time chain-of-custody exceptions, can create precisely the kinds of vulnerabilities adversaries seek. Unintentional mistakes such as phishing clicks, misdirected emails, lost devices, or improper disposal of sensitive documents can expose systems or create openings for external actors. Staff under pressure may also be more susceptible to social engineering or manipulation by outside actors.

Election offices can reduce risk by strengthening access controls, applying Zero Trust principles (never trust, always verify), and ensuring that third‑party vendors, contractors, and temporary staff are held to the same standards as employees. Key steps include:

  • Completing background checks for all individuals with privileged access.
  • Eliminating unnecessary remote access for vendors and contractors.
  • Using identification badges or vests to distinguish roles clearly.
  • Requiring bipartisan teams or dual authorization for sensitive tasks.
  • Applying least‑privilege access and promptly removing access when roles change.
  • Encouraging early reporting and clearly distinguishing legitimate whistleblowing from harmful insider activity.
  • Following through on routine audits and cross-checks to ensure signatures are present and numbers add up.

Insider‑threat mitigation is a continuous lifecycle: testing systems and processes before the election, monitoring activity during voting and tabulation, and auditing after the election to verify accuracy and identify areas for improvement.

Actions to Take This Week

To reduce insider threat risk before the next election, election offices should consider the following actions:

  • Verify your access lists. Confirm who currently has physical and digital access, and promptly remove anyone who no longer needs it.
  • Re‑train temporary staff and vendors. Even a short refresher on access rules, chain of custody, and reporting expectations can close many common gaps.
  • Audit one high‑risk process. Pick a single workflow (e.g., logic and accuracy testing, ballot transport, EMS access) and ensure the two‑person rule, documentation, and standard operating procedures (SOPs) are being followed exactly as written.
  • Identify opportunities for dual authorization. Examine permissions, processes, and tasks currently controlled by a single individual. Implementing two-person control helps prevent actions like disabling security features or altering critical programming.

These quick checks reinforce accountability, surface vulnerabilities early, and may help prevent both intentional and unintentional insider‑driven incidents.


The Situation Room focuses on real security incidents and threats in the news relevant to election security. To review previous issues, see the newsletter archive.