Keeping Elections Safe from Cyberattack

Safeguarding elections infrastructure falls to local jurisdictions—here’s what to watch out for.

Keeping Elections Safe from Cyberattack

In a tight election, a tiny number of votes can make a huge difference, making voter suppression a very big deal. Think of Rutherford Hayes, who won the 1876 presidential election by .09 percent of total votes cast. Of course, voter suppression tools were a little less sophisticated back then—literacy tests, poll taxes, and grandfather clauses. Today, technology plays a huge role in suppressing votes. And while much has been said about the 2016 misinformation campaigns and hacking from nation state actors such as Russia, distributed denial of service (DDoS) attacks also pose a real threat.

“While we see a lot of election-based security coverage on disinformation campaigns, DDoS can shut down information availability, which can be just as—if not more—dangerous,” says Tom Bienkowski, director of product marketing at NETSCOUT.

Where will this play out? Two top contenders are voter registration databases and election-night results displays: 

  1. Voter registration systems. According to the Center for Internet Security’s (CSI) Handbook for Elections Infrastructure Security, the ability to access voter registration systems through the internet has increased their vulnerability to remote attacks aimed at manipulating voter registration systems. Nation-states, for example, could access and disrupt voter registration databases in order to deny legitimated registered voters the ability to vote on election day—a concept that has already translated into reality. The FBI reported in February 2020 that state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack. According to the report, “PRSD attacks are a type of DDoS attack used by threat actors to disrupt DNS record lookups by flooding a DNS server with large amounts of DNS queries against non-existing subdomains.”

Dangers such as this, the handbook notes, “makes them a priority for strengthening of the security resilience of these components.”

  1. Election-night results displays. The CSI handbook also identifies this as an area of concern, and with good reason. There’s already evidence that attackers have targeted such systems—witness the 2018 attack that took the Knox County Election Commission site displaying results of the county mayoral primary offline during Tuesday. But attackers could take it even further. For example, an adversary could access election night vote displays to change the displayed results such that the real winner of the election is now the reported loser in the election, eroding voter confidence.

There is no way around it: protecting democracy starts with protecting elections, a job that primarily falls to local jurisdictions. According to the CSI handbook, “Although states are heavily involved in setting the rules and policies for administering elections and in choosing election technology, in most states local jurisdictions administer and conduct the processes of an election.” Ideally, these local election administrators will follow recommended best practices by planning and establishing a DDoS mitigation strategy. NETSCOUT recommends the following:

  • Assess your election infrastructure DDoS attack landscape.
  • Create and implement a plan for emergency mitigation of a DDoS attack.
  • Establish and maintain effective partnerships with your upstream network service provider and know what assistance they can provide in the event of a DDoS attack.
  • Consider establishing relationships with companies that offer DDoS mitigation services, including managing your DDoS strategy as a service.

The bottom line is that anyone responsible for the security of election infrastructure needs to be focused on potential technology disruptions.

Find out more about hybrid and automated DDoS attack mitigation

Wetherbee is a product marketing manager at NETSCOUT