The threat of cyberattacks against the US electoral process is far from hypothetical. The previous Presidential election showed that cyber threat actors will attempt to use social media to change the course of an election, and additional research into the security of voting machines has demonstrated that they are also vulnerable to a number of different cyberattacks.
However, this does not encompass the entirety of the cyber threat to US elections. Attacks against election-related websites have demonstrated the importance of protecting the availability of these sites by deploying Distributed Denial of Service (DDoS) protection services.
Election Security Beyond the Voting Machines
When most people think of the US election infrastructure, they focus on the voting machines. These devices are distributed to each polling location in advance of an election, collect everyone’s votes for counting, and are then returned to a secure location until their next use.
These voting machines are undoubtedly a source of cybersecurity concerns. A number of different attack vectors have been identified against machines actively in use. However, this is not the extent of the US election infrastructure’s cyberattack surface. A number of other systems are also critical to ensuring a successful and fair election.
The US election infrastructure is also heavily reliant upon its web presence. Lists of all registered voters are maintained on computer systems and accessible to candidates and other interested parties (in order to send out that endless stream of election mailers). Additionally, many state and local governments use the Internet as a means of providing election information to voters, meaning that a cyberattack against these systems could deny access to or potentially modify this data.
The US election infrastructure is also heavily reliant on volunteers to staff polling locations and perform other crucial duties. Election officials require a means of communicating with these poll workers to provide instructions or updated news, such as whether or not an election has been postponed due to COVID-19 or if polling locations have been changed. Attacks against these notification mechanisms can have a significant impact on the number of voters that a polling location or precinct can support.
DDoS Attacks Are Growing More Common
One potential threat to US elections is the DDoS attack. DDoS attacks are not designed to steal sensitive information or plant malware on a system. Instead, they try to deny access to a target system, which can have major repercussions if targeted at the right place.
DDoS attacks are designed to take down systems by overwhelming them with more data than they are capable of processing. This is accomplished by using a botnet of attacker-controlled systems to send malicious or spam requests to an Internet-facing service. If the attacker can send more traffic than the target can handle, the availability and utility of the target service to legitimate users can be degraded or destroyed.
As the Internet has evolved, cybercriminals are finding it easier and easier to acquire the computational and network resources that they require to perform these attacks. The rise of the Internet of Things (IoT) has had a significant impact on the number and size of the botnets used in DDoS attacks. IoT devices have notoriously poor security, including the use of default usernames and passwords (that cybercriminals can use to remotely log into and control them via Telnet) and a number of unpatched vulnerabilities (since people rarely run antivirus or think to apply software updates on their lightbulb or coffeemaker).
However, IoT devices are not the only cause of the rise of DDoS attacks. The availability of cheap cloud resources has inspired some cybercriminals to move their DDoS infrastructure to leased cloud services. With the cloud, the size of DDoS botnets and of the attacks that they perform is no longer limited by the number of vulnerable IoT devices deployed where they are accessible from the public Internet.
The DDoS Threat to US Elections
The threat of DDoS attacks to the US election infrastructure is not a theoretical one. The Federal Bureau of Investigation (FBI) has issued a warning that it has detected DDoS attacks against voter websites at the state level.
These attacks attempted to deny access to voter registration and information sites by targeting their Domain Name System (DNS) infrastructure. DNS is the Internet protocol that resolves the domain names (like fbi.gov) typed by Internet users to the IP addresses that a computer requires to reach the desired site. By flooding the targets’ DNS servers with fake requests for nonexistent webpages, the cybercriminals degraded their ability to receive and respond to legitimate requests. As a result, citizens attempting to register to vote or to access information about polling locations may not have been able to do so.
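A defender can spot this kind of flood in DNS query logs, because legitimate traffic rarely produces a burst of failed lookups for many different names at once. The sketch below is an added example, not taken from the FBI warning or from any election site; it assumes the fake requests are lookups for nonexistent names under the site's zone, and the zone name, addresses, record layout and thresholds are all constructed for illustration.

```python
from collections import defaultdict

ZONE = "elections.example"  # hypothetical zone; .example is a reserved TLD

# Constructed sample records: (epoch_seconds, client_ip, qname, rcode).
NORMAL = [
    (5, "192.0.2.10", "www.elections.example", "NOERROR"),
    (12, "192.0.2.11", "register.elections.example", "NOERROR"),
    (20, "192.0.2.12", "www.elections.example", "NOERROR"),
    (31, "192.0.2.13", "wwww.elections.example", "NXDOMAIN"),  # user typo
    (44, "192.0.2.10", "polls.elections.example", "NOERROR"),
]
# Constructed flood: one never-repeated label per query, many sources.
LABELS = ["q7x2", "zk91p", "m3vb8", "t0ylr", "a9d4c",
          "hh2w6", "x5nq1", "r8e3j", "u6f0k"]
FLOOD = [(60 + i, f"203.0.113.{i + 1}", f"{lab}.{ZONE}", "NXDOMAIN")
         for i, lab in enumerate(LABELS)]
FLOOD.append((75, "192.0.2.11", "www.elections.example", "NOERROR"))


def detect_nx_flood(records, zone, window=60, min_queries=8,
                    min_nx_ratio=0.8, min_unique=8):
    """Return one alert per time window in which queries under `zone` are
    mostly NXDOMAIN answers for many distinct names."""
    buckets = defaultdict(list)
    for ts, ip, qname, rcode in records:
        qname = qname.rstrip(".").lower()
        if qname == zone or qname.endswith("." + zone):
            buckets[ts - ts % window].append((ip, qname, rcode))
    alerts = []
    for start in sorted(buckets):
        rows = buckets[start]
        nx = [(ip, q) for ip, q, rcode in rows if rcode == "NXDOMAIN"]
        unique_names = {q for _, q in nx}
        if (len(rows) >= min_queries
                and len(nx) / len(rows) >= min_nx_ratio
                and len(unique_names) >= min_unique):
            alerts.append({
                "window_start": start,
                "queries": len(rows),
                "nxdomain": len(nx),
                "unique_nx_names": len(unique_names),
                "sources": len({ip for ip, _ in nx}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_nx_flood(NORMAL + FLOOD, ZONE):
        print(alert)
```

The count of distinct sources is reported because per-client rate limits alone miss a flood that is spread across many addresses.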
Securing the Election Infrastructure
The US election process is relatively fragile, with certain states or regions having a disproportionate impact on the final result. A targeted attack that impacts voter turnout in these “swing” states or precincts could change the results of an election at the local, state, or even national level.
DDoS attacks against voter registration and information sites, like those observed and reported upon by the FBI, could have this impact on voter turnout. If voters are unable to register to vote or reach their assigned precinct location, they may elect not to vote.
Ensuring the integrity of the US electoral process requires protecting critical election infrastructure from attack. This requires going beyond securing voting machines to ensuring the availability and security of voter registration and information sites.