Ohio Launches Phishing Simulation Training for Election Officials

Key Takeaways

  • The Ohio Secretary of State’s office is rolling out a no‑cost phishing‑simulation training program for all 88 county boards of elections.
  • The initiative began as a pilot in Adams and Fayette counties and now serves the majority of boards that rely on the SOS’s website and email support.
  • Simulated phishing emails test staff’s ability to detect and report malicious messages, aiming to boost front‑line cyber awareness before real attacks occur.
  • The program addresses a growing national threat landscape: phishing remains a top operational risk for the 2026 U.S. midterm election cycle, especially as AI‑enhanced tactics make fraud harder to spot.
  • Directive 2026‑20 mandates that boards complete security compliance audits and remediate any deficiencies by August 31, 2026, following a set of CISA‑aligned cybersecurity practices.
  • Required safeguards include CISA’s cyber‑hygiene vulnerability scanning, MS‑ISAC alert subscriptions, Albert network sensors, and a provided security information and event management (SIEM) service.
  • To ease the financial burden, the SOS is offering $10,000 grants to help boards meet the new compliance standards.
  • Together, these measures represent a proactive, layered strategy to protect election infrastructure, preserve public trust, and mitigate both cyber and physical threats during a busy election season.

Overview of Ohio Secretary of State’s Phishing Simulation Initiative
The Ohio Secretary of State (SOS) has launched a statewide phishing‑simulation training effort aimed at the 88 county boards of elections. By sending realistic‑looking but harmless phishing emails to election staff, the program seeks to evaluate and improve employees’ ability to recognize fraudulent messages and report them through proper channels. The training is offered at no cost to participating boards, reflecting the SOS’s commitment to strengthening the cyber resilience of election infrastructure without imposing additional financial strain on local governments.

Pilot Program Results and Expansion
Before the full rollout, the SOS piloted the simulation in Adams and Fayette counties. Feedback from those early participants helped refine the email templates, reporting mechanisms, and follow‑up debriefings. Encouraged by the pilot’s success, the office expanded the program to “the majority of Ohio’s boards of elections that utilize website and email support from our office.” This phased approach ensured that lessons learned from the pilot were incorporated before a broader implementation, increasing the likelihood of effective adoption across the state.

Objectives and Benefits of the Training
According to Secretary Frank LaRose, the initiative is “practical, proactive training that helps election officials spot threats before they become incidents.” The primary goal is to elevate front‑line workers’ cyber awareness, turning each employee into a vigilant line of defense. By repeatedly exposing staff to simulated attacks in a controlled environment, the program builds muscle memory for identifying subtle cues—such as mismatched sender addresses, urgent language, or unexpected attachments—that often betray phishing attempts. Early detection reduces the likelihood that a malicious email will lead to credential theft, malware installation, or data breach.

Context of Rising Cyber Threats to Elections
The SOS’s move comes amid a surge in cyber and physical threats targeting election operations nationwide. A recent Check Point Research report, the 2026 U.S. Midterm Election Threat Outlook, highlights that cyber threats, disinformation campaigns, and disruption efforts are all designed to erode public confidence in the electoral process. Among these, phishing stands out as one of the most likely operational threats for the 2026 cycle due to its scalability, low cost, and the broad range of potential targets—including campaign staffers, consultants, and election officials.

AI‑Enhanced Phishing and Evolving Tactics
Compounding the challenge, adversaries are increasingly leveraging artificial intelligence to craft more convincing phishing messages. AI can analyze publicly available information to personalize emails, mimic writing styles, and generate plausible lures that bypass traditional spam filters. As a result, even seasoned users may find it harder to discern fraudulent correspondence from legitimate communication. The Ohio SOS’s simulation training deliberately incorporates AI‑enhanced scenarios to ensure that election staff stay ahead of these evolving tactics.

Directive 2026‑20 and Mandatory Security Requirements
To complement the training, the SOS issued Directive 2026‑20, which imposes a clear compliance timeline: all boards must complete security audits and implement any necessary remediations by August 31, 2026. The directive outlines a baseline set of cybersecurity practices that align with federal guidelines from the Cybersecurity and Infrastructure Security Agency (CISA). By establishing a firm deadline and specific expectations, the SOS aims to create a uniform security posture across Ohio’s election infrastructure.

Specific Cybersecurity Measures Required
Under Directive 2026‑20, boards must adopt several concrete safeguards. First, they are required to use CISA’s cyber‑hygiene vulnerability scanning service to continuously identify and address weaknesses in their networks. Second, enrollment in the Multi‑State Information Sharing and Analysis Center (MS‑ISAC) ensures receipt of timely threat intelligence and alerts tailored to the election sector. Third, deployment of Albert sensors—network‑based intrusion detection tools—provides real‑time monitoring for anomalous traffic. Finally, boards must employ a provided security information and event management (SIEM) service, which aggregates logs from various systems to facilitate rapid incident detection and response.

Financial Support Through Grants
Recognizing that smaller counties may lack the budget to implement these measures, the SOS is allocating $10,000 grants to each board of elections that needs assistance meeting the Directive 2026‑20 requirements. The grant funds can be applied toward purchasing or upgrading security tools, covering subscription fees for scanning or SIEM services, or financing staff training beyond the phishing simulations. This financial backing helps ensure that resource constraints do not become a barrier to achieving a robust, statewide cyber defense.

Broader Implications for Election Security and Future Steps
Ohio’s comprehensive approach—combining proactive phishing simulations, mandatory compliance audits, prescribed technical safeguards, and grant‑based support—serves as a model for other states grappling with similar election security challenges. By addressing both the human element (through awareness training) and the technical layer (via vulnerability scanning, threat sharing, and monitoring), the state reduces the likelihood that a successful cyber intrusion could compromise voter data, disrupt tabulation systems, or undermine public trust. As the 2026 election cycle approaches, continued evaluation of the program’s effectiveness, periodic updates to simulation scenarios, and ongoing collaboration with federal partners will be essential to stay ahead of increasingly sophisticated threats. The initiative underscores a growing recognition that cybersecurity is no longer an optional add‑on for government agencies but a foundational component of democratic integrity.
