Election Security Group uncertainty clouds 2026 midterms

With the 2026 midterms less than six months away, Gen. Joshua Rudd told the Senate Armed Services Committee on April 28, 2026 that he did not know whether the Election Security Group had been set up. The unclear status comes after the Trump administration in 2

For the third morning in a row, election staff are checking the same assumption: that the warning system for foreign cyber and influence threats will be there when it’s needed.

But on April 28, 2026, Gen. Joshua Rudd—director of the National Security Agency and commander of U.S. Cyber Command—told the Senate Armed Services Committee that he didn’t know whether the Election Security Group had been set up yet. The Election Security Group has worked every federal election cycle since 2018. Yet, as of mid-May, there is no public indication it has been activated.

That uncertainty lands with special weight because the 2026 midterms are less than six months away. In a typical cycle. the federal task force would brief Congress on upcoming threats and work with state and local leaders. running scenarios that range from ransomware to critical infrastructure attacks on Election Day.

Instead, the questions now sit in the open: if the Election Security Group is delayed or scaled back, who is translating threat intelligence into real-time guidance for local officials—and how quickly?

The gap has a backstory. In 2025. the Trump administration made a decision to defund the Elections Infrastructure Information Sharing and Analysis Center. the threat-sharing hub that helped make 2024 the most cyber-secure election in U.S. history, according to the Center for Internet Security, a nonprofit focused on protecting against digital threats. A White House spokesperson said of the cuts at the time that EI-ISAC’s work no longer effectuated the priorities of the Department of Homeland Security.

Those losses—along with the disbanding of other federal offices that counter foreign influence operations—have made it harder for local officials to learn of threats to election infrastructure. That includes threats like AI-enabled targeting of voting tabulation systems and deepfakes of candidates.

What’s missing now is not just a task force on paper. It’s the proactive cyber deterrence that has defined U.S. election defense for much of the past decade, and the uncertainty over whether that approach remains in any other form.

A decade of election defense, built to disrupt interference

The need for such coordination didn’t begin last year. The Russian-backed Internet Research Agency began targeting the U.S. political system to sow divisions in 2014. Internet Research Agency troll farms—organized groups paid to flood social media platforms with fake or divisive content—helped disinformation spread through the 2016 election.

At the same time, Russia’s GRU—its military intelligence agency—homed in on the Democratic National Committee and probed all 50 state election systems. It breached Hillary Clinton’s campaign and compromised election systems in Illinois.

There is no evidence that votes were altered as a result. but the influence campaign exposed vulnerabilities and set the stage for extensive investigations and hearings on how the U.S. government should respond. It also left lasting damage in the form of lower trust in electoral processes and widened political divides.

In the final weeks of the Obama administration. the Department of Homeland Security designated election infrastructure as critical. akin to water and electricity. The first Trump administration built on that designation and created the Cybersecurity and Infrastructure Security Agency. a component of the Department of Homeland Security. in 2018.

That same year, the National Security Agency and U.S. Cyber Command partnered to launch what was initially called the Russia Small Group, a task force meant to guard U.S. election infrastructure against Russian interference.

Since at least the Obama administration, the U.S. had largely focused on defensive measures designed to protect elections, such as multifactor authentication and encryption, which make it harder to compromise systems in the first place.

Then came a shift in posture. The Trump administration wanted to be more proactive—to put adversaries on notice and deter future attacks. This approach is known as defending forward, or persistent engagement.

The 2018 midterms became the test. The Internet Research Agency again tried to widen divisions in U.S. society through hundreds of thousands of manufactured tweets and posts that made divisive views appear more widely shared than they were on both sides of hot-button issues. This time, the Russia Small Group took the Internet Research Agency offline during and immediately after the election. While the details are classified. public reporting indicates that Cyber Command temporarily disrupted the Internet Research Agency’s internet access and sent direct messages to operatives warning them against such activities and instructing them to not interfere in U.S. elections.

From Russia-specific to a broader Election Security Group

By the 2020 presidential election. the Russia Small Group had been renamed the Election Security Group. and its scope expanded beyond Russia to include China. Iran. North Korea and nonstate actors. The group’s mission was to disrupt. deter and degrade foreign adversaries’ ability to interfere with and influence how U.S. citizens vote and how those votes are counted.

It does that through information-sharing across agencies and with local officials and the private sector. If a foreign influence campaign falsely claims that polling places have closed early in a swing state. the Election Security Group can alert election officials. platforms and distributed cybersecurity teams before the claim goes viral.

In the same defend-forward spirit, it can also help cut off foreign trolls and state-backed hackers from what’s needed to run an influence operation, like internet access, servers and accounts.

Typically, it is active during election years—serving as a coordination hub that turns intelligence about foreign election threats into warnings, defensive measures and offensive operations.

Now, the absence is arriving as threats—and vulnerabilities—are multiplying.

The 2026 midterms: targeting pressure and fewer places to turn

The current election cycle is, in many ways, more prone to targeting than previous ones. The Iran war, AI-powered cyberattacks, nation state–sponsored attacks against U.S. election infrastructure. and the firing of key Cybersecurity and Infrastructure Security Agency personnel who worked with tech companies to spot election-related deepfakes and inaccurate or misleading content have all raised the pressure.

The risk isn’t theoretical. The combination of losing EI-ISAC and, possibly, the Election Security Group could leave the U.S. less prepared this November. Local and state election officials would have fewer places to turn for the latest intelligence. Congress would also be less informed about pressing threats.

That’s happening while global U.S. standing is slipping, and foreign adversaries could feel emboldened.

What comes next remains unclear. The Election Security Group, created by the first Trump administration alongside both EI-ISAC and the Cybersecurity and Infrastructure Security Agency, has been an important weapon in the U.S. arsenal to defend vulnerable election systems.

But it’s not yet clear what fills the gaps—especially if activation is delayed.

One outlet has reported that plans to revive the Election Security Group are beginning to move through senior intelligence and defense channels. weeks after Rudd’s testimony. Even if the group is activated immediately. the window is tight: it would have less than six months to do what it historically done across a full election year. With early voting beginning in some states even sooner, the clock is ticking.

A professor’s warning is rooted in the institutional machinery

Scott Shackelford. Professor of Business Law and Ethics at Indiana University. argues that election defense can’t be reduced to a single technical fix. He co-edited a book called “Securing Democracies” about cyberattacks and disinformation worldwide. and he said he can attest to the importance of guarding against foreign efforts to undermine trust in U.S. elections. Without groups like EI-ISAC and the Election Security Group in place. Shackelford said the 2026 midterms could mark a milestone: for the first time in perhaps a decade. the next election may be less secure than the last.

The sequence of events—defunding of EI-ISAC in 2025. the lack of public confirmation that the Election Security Group has been activated. and Rudd’s April 28 admission that he doesn’t know whether the group has been set up—creates a simple question that is now hard to dodge: what happens to the people who depend on timely warnings before a rumor becomes a crisis?.

As election deadlines close in, the answer will not come from abstract reassurances. It will come from whether the infrastructure for election security is up and running in time to meet the threats already pressing on 2026.

Election Security Group Joshua Rudd NSA U.S. Cyber Command EI-ISAC elections cybersecurity deepfakes voting tabulation systems 2026 midterms foreign influence defending forward Senate Armed Services Committee Cybersecurity and Infrastructure Security Agency