The good news, when it comes to election security, is that election officials and cybersecurity professionals are vastly better prepared in 2020 compared to 2016 to protect the U.S. presidential election in November.

The bad news: pretty much everything has changed over the last four years, including leadership, technology, and now, with the COVID-19 pandemic, even the way we will vote in less than 50 days.

One thing that has stayed the same: Russians and other state-sponsored hacking groups remain determined to undermine American voters’ confidence in elections. Microsoft recently warned that Russia, China, and Iran have attacked hundreds of organizations and individuals associated with U.S. President Donald Trump’s reelection campaign and Democratic candidate Joe Biden’s presidential campaign.

Foreign interference, homegrown conspiracy theories, COVID-19 fears, and unfounded distrust about voting by mail pose significant threats to the security and integrity of the U.S. presidential election.

“What I’m most concerned about right now is that what we’ve asked our election officials to do is, in some cases, dramatically changed the means by which their population cast their votes,” said Matt Olney, director of Cisco Talos Threat Intelligence. “And we’re trying to do it in a fairly compressed time frame. Voting by mail is a safe activity. The question is: can we get it to something that works well and efficiently in the timeframe we have and at general-election scale? We’re trying to do our largest, most important national election in a dramatically different manner than we would have just six or seven months ago.”

Talos: What to Expect When You’re Electing

Olney and other threat researchers at Talos spent the past four years investigating election security and spending time with secretaries of state (or their equivalents) and election officials in different parts of the U.S. They looked at election systems and equipment — and it’s important to note that these are all very different, sometimes even between counties in the same state. “As we were told early on: ‘If you’ve seen one election system, you’ve seen one election system,’” the report says.

Between 2016 and 2020, much has been done to ensure the security and integrity of election infrastructure. This includes allocating more than $800 million in Help America Vote Act (HAVA) investments since 2018 and establishing the Cybersecurity and Infrastructure Security Agency (CISA) under the Department of Homeland Security in 2018. CISA now serves as the election security focal point for federal efforts and offers phishing testing and vulnerability scanning at the state and local level.

Also that same year, election officials started the Election Infrastructure ISAC (EI-ISAC) to coordinate information between election authorities. It has since widely deployed Albert intrusion detection and flow analysis systems to state and local authorities.

Clear Messaging vs. Fake News

But, as Talos warns in two election security reports, there are more than technical concerns about voting machine or ballot counting hacks at stake. “The threat actors aren’t just after, or even solely after, the modification of votes,” Olney said. “They’re after the collective faith in the electoral process and in Western democracy in general. So just doing the computer piece isn’t enough. You have to venture into public relations, messaging, and communications and make sure that you have your bridges built to voters way before election day.”

This requires transparency and clear messaging about where voters can find accurate information about where and how to vote as well as election results. Politicians, secretaries of state, and other election officials hold positions “where they can take active steps to reinforce faith in the elections they administer,” the report says. But what happens when the president of the United States — not a foreign government or hacking group — is actively trying to damage faith in the election process?

Olney says he doesn’t want to address a specific politician or action. “But what I’ll say in general is the main remedy that we have is to vote for the person who is supporting the political activity that we’re trying to protect. And so I would say to voters that if, in your estimation, there’s a candidate that isn’t supporting the political process that we’ve chosen to use for our country, that’s probably not the candidate to vote for.”

Political Disinformation Campaigns

Talos’ second election security report centers on political disinformation campaigns, which Olney and Nick Biasini, Talos’ outreach engineer, agree pose a greater risk to the November election than technology vulnerabilities.

“I’m definitely most concerned about disinformation and the impact that it has on voters both in terms of how they come to their decision as to who to cast their vote for but also in terms of disinformation about where to vote, when to vote, who’s allowed to vote, what’s safe, what’s not,” Olney said.

Social media platforms make it very cheap and easy for threat actors to create and spread disinformation. While Russia was the key player in the 2016 election, China and Iran have since taken pages from the Russian playbook. In addition to using platforms like Facebook to spread fake news, some adversaries are creating entirely fake personas.

Talos points to a reporter who covered Middle Eastern socio-politics and published articles on several platforms. It turned out this reporter wasn’t a real person but instead a sock puppet with a fake LinkedIn profile and other social media profiles, which were enough to trick legitimate news sources into posting content. “All told, there were more than 15 fake personas that published almost 100 opinion pieces on nearly 50 different platforms,” the report says.

Deepfakes Becoming More Common

Building on these fake personas, Talos expects to see deepfake technology becoming a bigger problem in the upcoming months and years. These videos and photos often look very realistic and make it even more difficult to discern fact from fiction.

“We have a hard enough time trying to get people to fact check what they’re reading,” Biasini said. “Now with deepfakes you’re adding the inability to trust your eyes and potentially the inability to trust your ears. It becomes much more challenging, and you really have to change user psychology around this.”

In fact, a third report about the psychology around disinformation campaigns is in the works and planned for publication later this month.

Despite the adversaries constantly adapting and evolving their technology, both Biasini and Olney say they are hopeful that the upcoming presidential election and collective faith in the process will fare better this time around compared to 2016. This, in large part, is because we — voters, cybersecurity professionals, social media companies, and election officials — are much more aware of potential threats, and we’ve taken measures to mitigate them.

“We’re in much better shape, from a disinformation perspective, in 2020 than we were in 2016,” Biasini said. “We’re getting better at detection and identification of these campaigns. Only time will tell if it’s enough.”