Election security aid is on the chopping block, rattling local officials

State and local election officials who have grown to rely on the federal government’s cybersecurity assistance fear that the Trump administration may permanently block that aid by Thursday.

Such funding, which began in President Donald Trump’s first term and is funnelled through the country’s top domestic security body, the Cybersecurity and Infrastructure Security Agency (CISA), stopped in February. Those programs include free on-site and remote security testing of election machines and the websites that report election results, and ad hoc “situation rooms” where election officials can virtually gather and discuss security tactics in real time.

“Taking away that funding would be a very, very bad idea,” said Howie Knapp, the executive director of South Carolina’s State Election Commission,” told NBC News.

“We all know as taxpayers there is government bloat enough, but this is protecting the core function of democracy,” Knapp said. “If there’s government cuts to be made, I would recommend they don’t start with securing our nation’s elections.”

CISA, which is under the Department of Homeland Security, plans to make a decision on the future of federal election security assistance by Thursday, according to a Feb. 14 agency memo obtained by NBC News. The memo was first reported by Wired.

In an emailed statement, a DHS spokesperson confirmed CISA has “strategically paused all elections security activities.”

The potential cuts come amid a government-wide reduction in federal staffing and programming in Trump’s first weeks back in office. At CISA alone, more than 140 employees have been laid off since Trump took office, a DHS spokesperson told NBC News.

Most of the free election cybersecurity services that the federal government provides to states are funded by CISA but conducted through an organization called the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC), which is run by the nonprofit Center for Internet Security. In a separate Feb. 14 letter to CISA obtained by NBC News (separate from the agency memo of the same day), the Department of Homeland Security ordered the Center for Internet Security  to “terminate” those election services.

Wesley Wilcox, the supervisor of elections at Marion County, Florida, is preparing for a special election on April 1 to fill the House seat vacated when former Rep. Mike Waltz left to become Trump’s national security adviser. Wilcox said that the EI-ISAC’s situation room has become an essential tool for securing elections.

“If somebody in New York reports some malicious IP addresses, it gets spread out to us in real time to where all of us can block said IP address. There is nothing else like that,” he told NBC News.

“When we do this special election here in four weeks, there’s a very real chance that there won’t be a situation room,” Wilcox, a registered Republican, said.

The CISA memo last month, which assessed election security in the U.S., also included putting election security staffers on administrative leave as of Feb. 7.

Election cybersecurity has become a crucial consideration since 2016, when Russian intelligence probed and, in some cases, hacked systems related to state election systems, as a Senate Intelligence Committee report found, though there’s no evidence Russia had enough access to tamper with actual vote counts. Even if hackers can’t change voting results, disrupting how Americans look up where to cast their ballot or falsifying websites that post early unofficial election results could be  detrimental to public faith in democracy.

Election officials appear to have little say in the matter. On Feb. 21, a coalition of most states’ top election officials, the National Association of Secretaries of States (NASS), wrote an open letter to DHS Secretary Kristi Noem outlining the multiple federal security services that states have come to rely on, including intelligence briefings and help planning security exercises. The letter included an offer to meet with Noem or answer any questions about states’ use of the program.

DHS and Noem did not respond, a NASS spokesperson told NBC News. 

CISA’s review appears to be prompted by a false claim popular among Trump allies that the agency is engaged in policing disinformation and censoring conservatives. The memo notes that the review is in accordance with one of the executive orders Trump signed on Jan. 20,  “Restoring Freedom of Speech and Ending Federal Censorship,” which calls for a review of  purported censorship during President Joe Biden’s administration.

Project 2025, the Heritage Foundation’s influential collection of recommendations for the second Trump administration, characterizes CISA as an agency “that the Left has weaponized to censor speech and affect elections at the expense of securing the cyber domain and critical infrastructure, which are threatened daily.”

Trump disavowed Project 2025 while campaigning, but his transition team heavily relied on it to staff his administration.

During Biden’s presidency, Republicans on the House Judiciary Committee routinely accused CISA of promoting “censorship,” largely on the basis of a program created during the first Trump administration in which the agency would help local election officials flag social media companies about false claims on how and when to vote, or false claims that the practice of voting by mail was riddled with fraud. However, the CISA director under Biden’s administration, Jen Easterly, ended that program.

“I need to ensure we are able to do our core mission, to reduce risk to critical infrastructure. And at this point in time, I do not think the risk of us dealing with social media platforms is worth any benefit, quite frankly,” Easterly said in a podcast interview with tech journalist Kara Swisher in 2023. “I made a decision not to do that. So we are not doing that. Local election officials can give that to the platforms themselves, and I think that’s the right place for us to be.”

The agency has also at times published information about how elections are administered, as incorrect information was being spread elsewhere. Two weeks after he lost the 2020 election, Trump infamously fired its then director, Chris Krebs, over CISA running a “rumor versus reality” blog that rebutted Trump’s claims that the election had been hacked or stolen.

“We’re hoping we have a voice,” Wilcox, the Florida county election official, told NBC News. “We’re trying to educate people involved in the decision-making process.”