With the U.S. midterm elections just around the corner and security concerns running high, a new survey finds that three-quarters of local election websites are not using the .gov domain to help boost site security and engender a higher degree of user trust.
The .gov domain is used throughout government, is overseen by the Cybersecurity and Infrastructure Security Agency (CISA), and confers a degree of trust to users that websites are authentic. Use of the .gov domain also provides security benefits, like two-factor authentication on the .gov registrar and notifications of DNS changes to administrators.
A research study from the Center for Democracy & Technology (CDT) found that of the 7,010 websites included in the analysis, only 1,747 (25 percent) used the .gov domain. CDT said that’s especially troubling as fake websites begin to target voters.
Among other steps leading up to the elections, state and local officials have been working tirelessly to fend off misinformation regarding the authenticity of casting a ballot by having websites that users can trust. They have also been advised to have a strong web presence –– like verified Twitter and Facebook accounts –– to effectively debunk and respond to bad actors.
“We know that one of the most impactful ways to mitigate the spread of disinformation is to empower local election officials as trusted voices on election administration,” Kim Wyman, a senior election security advisor at CISA, told MeriTalk.
“Helping election officials move to a .gov domain supports this effort,” Wyman said. “The public can easily identify an official government website or email address when it ends in .gov.”
The .gov domain identification on a website functions in a similar way to a blue checkmark on Twitter that indicates authenticity. In March 2021, CISA received sole authority to confer .gov identification to state, local, and Federal verified entities.
Local election websites are where voters perform essential tasks like registering to vote or requesting absentee ballots. Because of this, CISA has made it easier for election officials to obtain a .gov domain by making the registration free.
“Over the last several years, we have engaged state and local officials on the value of switching to a .gov platform, and sought ways to make the transition easier, such as eliminating the $400 registration fee that had served as a barrier of entry to smaller jurisdictions,” Wyman said. “We continue to encourage election officials to make this transition if they have not already done so.”
Why have so many official election websites neglected to make the transition, then?
CDT speculated that many officials may not be aware that the .gov domain is available and free to them, and many local election teams are stretched thin for funds and staff. CISA acknowledged that moving a domain .gov is a hefty load, requiring already strapped election officials to update emails, business cards, and signage.
In order to help officials secure online election infrastructure against cyber attacks and disinformation, CISA released a factsheet detailing the importance of a .gov domain – including the technical benefits, like mandatory multi-factor authentication and notifications of domain name system changes.
Election officials can follow CISA’s step-by-step instructions on how to apply for a .gov domain.