CISA’s Shake-Up: What Staff Suspensions Mean for State and Local Election Officials

HEATHROW, FL – For years, election officials have relied on the Cybersecurity and Infrastructure Security Agency (CISA) for guidance, real-time threat intelligence, and incident response coordination. However, recent personnel suspensions have raised concerns about the continuity of these federal resources. With uncertainty surrounding long-term federal election security support, state and local election offices must take immediate steps to strengthen their own security posture, ensure vendor accountability, and modernize their election systems to stay ahead of emerging threats. 

Security as a Shared Responsibility  

“Election offices are only as secure as the vendors they depend on,” said Brandon Fargis, Civix Chief Technology Officer. “There have been many cases where vulnerabilities in third-party providers put entire election systems at risk. It’s crucial for state and local officials to make sure their vendors follow the highest security standards.” 

Election offices are high-value targets for cybercriminals, and recent attacks on local government networks and election-related software vendors have led to data breaches and exposed sensitive voter information. Election officials can’t assume their vendor systems are secure—regular penetration testing, proactive vulnerability monitoring, and incident response planning must be standard expectations. Security must be a shared responsibility between election offices and their technology partners. 

Ensuring Vendor Accountability  

State and local governments depend on technology providers for voter registration systems, election management software, and other critical infrastructure. This reliance means that vendor security practices directly impact the security of the electoral process. Election officials can take an active role in ensuring security requirements are being met by holding vendors accountable through security audits, incident response plans, and regulatory compliance. Beyond compliance, election officials should establish clear expectations for continuous monitoring and proactive threat detection.  

Strong vendor partnerships built on transparency, accountability, and shared security goals ensure that election systems remain resilient against evolving cyber threats. By working closely with technology providers who prioritize security, election officials can mitigate risks and strengthen system defenses. 

Resilience Through Modernization 

Cyber threats against election systems are evolving rapidly, and attackers are now leveraging artificial intelligence (AI) to automate phishing, spread deepfake disinformation, and deploy attack bots that target voter registration databases. Legacy election systems were not built to defend against these advanced threats. By transitioning to modern, cloud-based platforms with AI-driven threat detection and real-time security monitoring, election officials can proactively mitigate risks and strengthen election integrity. 

By prioritizing investments in modern, secure election technology, state and local governments can not only defend against current cyber threats but also protect their systems against an ever-changing threat landscape.  

Strengthening Election Systems Amid Uncertainty  

While federal cybersecurity resources may be shifting, election officials can take immediate steps to strengthen their defenses: 

• Assess vendor security practices—Ensure vendors conduct regular penetration testing, have incident response plans, and maintain compliance with security frameworks like SOC 2 and StateRAMP/GovRAMP. 

• Modernize election technology—Move away from legacy systems to secure, cloud-based platforms with real-time threat monitoring. 

• Implement zero-trust security—Adopt stricter access controls, multi-factor authentication, and continuous monitoring to minimize exposure to cyber threats. 

• Partner with security-focused vendors—Work with technology providers who prioritize election security and provide proactive risk management, not just compliance checklists. 

“Federal uncertainty does not mean local inaction,” said Fargis. “Election officials must demand more from their technology partners. Security-first solutions, strong vendor accountability, and modernized platforms will define the next generation of election resilience. Civix is committed to helping election offices stay ahead of threats and protect democracy through secure, future-ready election solutions.”