For the first time in a decade, the next election could be less secure than the one preceding it

With the 2026 midterms less than six months away, the Election Security Group would normally be busy helping prepare the nation’s election infrastructure. The federal task force typically briefs Congress on upcoming threats and engages with state and local leaders to game out scenarios ranging from ransomware to critical infrastructure attacks on Election Day.

But Gen. Joshua Rudd, director of the National Security Agency and commander of the U.S. Cyber Command – the two agencies that jointly run the Election Security Group – told the Senate Armed Services Committee on April 28, 2026, that he didn’t know whether the group had been set up yet. The Election Security Group has worked every federal election cycle since 2018, but, as of mid-May, there is no public indication it has been activated.

This pending Election Security Group activation follows the Trump administration’s 2025 decision to defund the Elections Infrastructure Information Sharing and Analysis Center, the threat-sharing hub that helped make 2024 the most cyber-secure election in U.S. history, according to the Center for Internet Security, a nonprofit focused on protecting against digital threats. A White House spokesperson said of the cuts at the time that EI-ISAC’s work no longer effectuated the priorities of the Department of Homeland Security.

These losses – and the disbanding of other federal offices that counter foreign influence operations – make it harder for local officials to learn of threats to election infrastructure, like AI-enabled targeting of voting tabulation systems or deepfakes of candidates. Little is known about whether the proactive cyber deterrence that has defined U.S. elections for much of the past decade remains in place in any other form.

I’m a scholar of global efforts to secure democracy, and I co-edited a book called “Securing Democracies” about cyberattacks and disinformation worldwide. I can attest to the importance of guarding against foreign efforts to undermine trust in U.S. elections and believe that, without groups like the EI-ISAC and the Election Security Group in place, the 2026 midterms could mark a milestone: For the first time in perhaps a decade, the next election may be less secure than the last.

The Russian-backed Internet Research Agency began targeting the U.S. political system to sow divisions in 2014. Thanks to Internet Research Agency troll farms – organized groups paid to flood social media platforms with fake or divisive content – disinformation proliferated through the 2016 election. At the same time, Russia’s GRU – its military intelligence agency – homed in on the Democratic National Committee and probed all 50 state election systems. It breached Hillary Clinton’s campaign and compromised election systems in Illinois.

Though there is no evidence that votes were altered as a result, Russian influence exposed the country’s election vulnerabilities and set the stage for extensive investigations and hearings questioning how the U.S. government should respond. It left lasting damage in its wake, like lower trust in electoral processes and widened political divides.

In the final weeks of the Obama administration, the Department of Homeland Security designated election infrastructure as critical, akin to water and electricity. The first Trump administration built on that designation and created the Cybersecurity and Infrastructure Security Agency, a component of the Department of Homeland Security, in 2018. That same year, the National Security Agency and U.S. Cyber Command – the military nerve center for cybersecurity – partnered to launch what was initially called the Russia Small Group, a task force to guard U.S. election infrastructure against Russian interference.

Since at least the Obama administration, the U.S. had been largely focused on defensive measures to protect elections, like multifactor authentication and encryption, which make it harder to compromise systems in the first place. The Trump administration wanted to be more proactive, to put adversaries on notice and deter future attacks. This approach is known as defending forward, or persistent engagement.

The test for this new, more activist policy came during the 2018 midterms, as the Internet Research Agency again tried to widen divisions in U.S. society through hundreds of thousands of manufactured tweets and posts that made divisive views appear more widely shared than they were on both sides of hot-button issues. This time, however, the Russia Small Group took the Internet Research Agency offline during and immediately after the election. Although the details are classified, public reporting indicates that Cyber Command temporarily disrupted the Internet Research Agency’s internet access and sent direct messages to operatives warning them against such activities and instructing them to not interfere in U.S. elections.

By the 2020 presidential election, the Russia Small Group had been renamed the Election Security Group, and its scope expanded beyond Russia to include China, Iran, North Korea and nonstate actors. It worked to “disrupt, deter and degrade foreign adversaries’ ability to interfere with and influence how U.S. citizens vote and how those votes are counted.”

The Election Security Group does this through detailed information-sharing across agencies and with local officials and the private sector. If, for instance, a foreign influence campaign falsely claims that polling places have closed early in a swing state, the Election Security Group can alert election officials, platforms and distributed cybersecurity teams before the claim goes viral. In true “defend forward” spirit, it can also help cut off foreign trolls and state-backed hackers from what’s needed to run an influence operation, like internet access, servers and accounts.

Typically, it is active during election years, serving as a vital coordination hub and turning intelligence about foreign election threats into warnings, defensive measures and offensive operations.

The Election Security Group’s absence comes at a time when both threats and technological vulnerabilities are multiplying.

The current election cycle, in many ways, is more prone to targeting than previous ones because of the Iran war, AI-powered cyberattacks, nation state–sponsored attacks against U.S. election infrastructure, and the firing of key Cybersecurity and Infrastructure Security Agency personnel who worked with tech companies to spot election-related deepfakes and inaccurate or misleading content.

These challenges – combined with losing the EI-ISAC and, possibly, the Election Security Group – could leave the U.S. less prepared this November. Local and state election officials have fewer places to turn for the latest intelligence, and Congress is less informed about pressing threats – all while global U.S. standing is slipping and foreign adversaries could feel emboldened.

The Election Security Group, which was created by the first Trump administration – alongside both the Elections Infrastructure Information Sharing and Analysis Center and the Cybersecurity and Infrastructure Security Agency – has been an important weapon in the U.S. arsenal to defend vulnerable election systems. What fills these gaps remains unclear. One outlet has reported that plans to revive the Election Security Group are beginning to move through senior intelligence and defense channels, weeks after Rudd’s testimony. Even if the group is activated immediately, it will have less than six months to do what it has historically done across a full election year. With early voting beginning in some states even sooner, the clock is ticking.

This article is republished from The Conversation, a nonprofit, independent news organization bringing you facts and trustworthy analysis to help you make sense of our complex world. It was written by: Scott Shackelford, Indiana University

The views expressed in this article are the author's own.