Gartner Blog Network

Cyber Hacking Lessons from the U.S. Election

by Avivah Litan  |  November 10, 2016  |  1 Comment

I was as stunned as anyone by the U.S. election results. I also immediately questioned the security of the state election systems.

I just can’t help but wonder why an August 29  story written by well-respected journalist Michael Isikoff that ran on Yahoo News detailing an FBI alert about hacks into state election servers was ignored by the public and most of the media.

See FBI says foreign hackers penetrated state election systems

To me, the meddling of nation state actors (Russia) in our electoral systems and processes was the most serious issue in this controversial election.

Surely state and local governments do not have the resources to adequately protect their infrastructure from advanced nation state or other types of hacker attacks.  Most large well-equipped organizations in this country struggle with the same despite multi-million dollar security budgets spent each year on cybersecurity.

Whatever happened to national plans to protect our nation’s critical infrastructure?  I would definitely consider local and state election systems a central component of those critical infrastructure systems.


Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…Read Full Bio

Thoughts on Cyber Hacking Lessons from the U.S. Election

  1. You raise an important point, Avivah. The only way to proactively know whether or not the election system is likely to be successfully attacked by a specific type of attacker is to create a comprehensive attack surface analysis with a scalable, automated threat modeling process.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.