McAfee: Lack of Verified Election Websites Could Pose Cybersecurity Issues For 2020 Election

McAfee’s survey of 13 states considered “critical” in the presidential election found that 83 percent lacked .GOV validation, which verifies websites as being run by official local governments.

The cybersecurity practices of county election websites could pose a significant election security threat for the 2020 presidential election, according to new research by cybersecurity firm McAfee.

Of the 13 states projected to be “critical” in the 2020 presidential election, 83 percent of county election websites lacked .GOV validation, meaning that they have not purchased a .gov web domain and therefore have not been verified as legitimate sites by the federal government. In Iowa, that number jumps to nearly 89 percent, and in New Hampshire, 90 percent of websites lack the validation.

Security experts worry that the lack of verified websites will make it easier for malicious actors, particularly foreign adversaries, to create fake government websites and spread misinformation about voting locations and results, potentially affecting the final results out of those counties.

“Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” Steve Grobman, McAfee’s Senior Vice President and Chief Technology Officer, said in a statement. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times.”

McAfee’s survey focused on Arizona, Florida, Georgia, Iowa, Michigan, Minnesota, Nevada, New Hampshire, North Carolina, Ohio, Pennsylvania, Texas and Wisconsin, which together count for 201 of the 270 electoral votes necessary to win the presidential election. About 46 percent of county election websites in these states did not have HTTPS encryption as well, meaning that information shared on the site’s pages is not encrypted upon submission.

“In many cases, these websites have been set up to provide a strong user experience versus a focus on the implications that they could be spoofed to exploit the communities they serve,” Grobman said.

Only about 33 percent of main county websites in Arizona were not validated by .GOV, giving it the best percentage of all of the states surveyed. McAfee noted that many county websites try to make their domains easy to remember (“votedenton.org”) and may not have the resources to transition to a .GOV domain, which requires submitting evidence of legitimacy to the government.

In turn, McAfee supports The DOTGOV Act of 2020, which would require the Department of Homeland Security to support .GOV adoption for local governments with new guidance and financial support.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.