Securing U.S. Elections

A Method for Prioritizing Cybersecurity Risk in Election Infrastructure

Published Aug 16, 2022

by Quentin E. Hodgson, Edward W. Chan, Elizabeth Bodine-Baron, Bryan Boling, Benjamin Boudreaux, Bilyana Lilly, Andrew J. Lohn


Research Questions

  1. How can jurisdictions at each level prioritize their efforts to combat the risk of cyberattacks on their election systems?
  2. How can they assess the likelihood of a successful attack?
  3. How can they assess the scale and severity of an attack?

U.S. election systems are diverse in terms of governance and technology. This reflects the constitutional roles reserved for the states in administering and running elections but makes it challenging to develop a national picture of cybersecurity risk in election systems. Moreover, it requires each state and jurisdiction to evaluate and prioritize risk in the systems it oversees. With funding from the Cybersecurity and Infrastructure Security Agency, researchers from the Homeland Security Operational Analysis Center have developed a methodology for understanding and prioritizing cybersecurity risk in election infrastructure to assist state and local election officials.

Key Findings

  • Election systems consist of multiple components (voter registration, pollbooks, voting machines, tabulation equipment, and official websites) that are administered and controlled at different levels, depending on the state.

Prioritizing risk across system components requires evaluating three factors:

  • The first is the likelihood of a successful attack, using fault tree analysis to determine the level of sophistication needed based on security controls implemented on each system component.
  • The second is the scale of impact of an attack, based on whether a successful attack could affect a single location, a jurisdiction, or an entire state.
  • The third is the severity of an attack, as measured by the extent to which it would impede election officials' efforts to carry out election processes.

  • Officials can use the ratings or scores on likelihood, scale, and severity to prioritize efforts to protect the election infrastructure in their care.
  • Armed with an understanding of potential adversaries' tiers, the capability required to execute a particular type of attack on a particular component, and the scale and severity that such an attack would have if successful, election officials can direct protective resources toward the types of prevention and remediation that make the most sense for their specific jurisdictions.

This research was sponsored by the National Risk Management Center, a division of the Cybersecurity and Infrastructure Security Agency, and conducted within the Strategy, Policy and Operations Program of the Homeland Security Operational Analysis Center (HSOAC).

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.