Earlier this summer, escalating tensions in the Middle East prompted fresh warnings from U.S. intelligence agencies about cyber threats from Iranian-linked actors. While that crisis has eased, the danger has not.
Across the hemispheric region, multiple elections are underway or approaching, each providing openings for adversaries to meddle. The growing threat of the Maduro regime in Venezuela is a stark reminder: When authoritarian actors manipulate or undermine democratic processes in our neighborhood, the United States must ensure its own elections remain beyond reach. To protect the integrity of our constitutional republic, election security must be treated as essential.
Mike Asencio is director of the Cyber Policy Program at Florida International University’s Jack D. Gordon Institute for Public Policy. (courtesy, Mike Asencio)
This threat isn’t hypothetical. On June 30, the FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency and the Department of Defense issued a joint alert warning that Iranian-affiliated hackers may soon target U.S. critical infrastructure. These actors exploit common vulnerabilities, such as outdated software and unsecured networks, and the alert urged election officials to act without delay.
I confront these risks daily through direct engagement with local, state and federal leaders. The nature of my work keeps me in constant conversation with those responsible for safeguarding our systems. That perspective provides both a wide lens on national vulnerabilities and a close view of how small local gaps can create national consequences.
We’ve already seen them target our election systems. This past presidential election cycle, Iranian-linked hackers, operating on behalf of the Islamic Revolutionary Guard Corps (IRGC), launched one of the largest “hack and leak” operations of the election cycle. They stole sensitive data from U.S. campaign officials and released it online using fake identities, aiming to mislead voters and undermine trust in our democratic institutions.
Back in 2017, the Department of Homeland Security formally recognized the stakes when it designated election infrastructure as part of the nation’s critical infrastructure. This includes everything from voter registration systems and tabulation machines to storage facilities and polling places. If a disruption in one of these systems can jeopardize our national security, it must be treated as essential.
What hasn’t kept pace is the federal investment. Over the past two years, Congress has provided a total of just $70 million for election infrastructure nationwide, a steep drop from the $400 million appropriated during the last year of the first Trump administration. Without reliable funding, election offices can’t modernize equipment, secure communications networks, or retain the technical staff needed to protect their systems.
In smaller jurisdictions especially, where budgets are tight and IT support is limited, even a minor vulnerability can open the door to foreign interference or a ransomware attack.
In Florida, recent legislation such as the State and Local Government Cybersecurity Acts, along with funding vehicles like CyberFlorida’s FirstLine Public-Sector Education initiatives, has strengthened the cybersecurity posture of state and local organizations. These measures, which include election security cyber exercises, show how targeted investments can reduce risks before they become crises.
Florida’s congressional delegation is well positioned to lead. Representatives Mario Díaz-Balart, John Rutherford and Scott Franklin, all members of the House Appropriations Committee, have long supported investments in infrastructure and cybersecurity. Now is the time to bring that same commitment to safeguarding elections.
Florida has shown what a serious approach looks like. Every vote is cast on a paper ballot, counted by certified machines, and audited after each election. A centralized voter registration system helps ensure consistency across all 67 counties. But even the most prepared states cannot meet this challenge alone. The threats are global. The responsibility must be shared.
Congress should restore election security grants to $400 million in FY 2026 and commit to making that level of investment an annual priority. Election officials can’t wait until after the next breach. They need the tools and training now, while there’s still time to prevent one.
Mike Asencio is director of the Cyber Policy Program at Florida International University’s Jack D. Gordon Institute for Public Policy, where he works with leaders across government on issues of cybersecurity and election security.
