Is the U.S. Vote Vulnerable to DDoS Attacks?

While recent discussion around the upcoming U.S. presidential election has centered on the safety and efficacy of mail-in ballots, overall security concerns over the nation’s voting system remain extremely high. The decentralized nature of our election system, which is managed at the state and local level, creates a hodge-podge of procedures, systems, and technologies for managing eligible voter registration databases, the actual voting process, and tallying and reporting results.

Some of this technology is quite old and may be vulnerable to attack by those intent on disrupting, altering, or casting doubt on the outcome of elections. Ultimately, it all comes down to faith in the fairness and accuracy of our election system, which is the backbone of our democracy.

DDoS Attacks: A Clear and Present Danger

While many of the voting systems in this country claim to be hardened against hackers and attackers, risks do remain. According to NBC News, cybersecurity experts who specialize in voting systems and elections found that “the three largest voting manufacturing companies have acknowledged they all put modems in some of their tabulators and scanners. The reason? So that unofficial election results can more quickly be relayed to the public. Those modems connect to cell phone networks, which, in turn, are connected to the internet.”

Back-end systems that connect to the internet and associated networks represent a point of vulnerability that exposes voting systems to all sort of security threat, not least of which are Distributed Denial of Service (DDoS) attacks. These types of attack typically target networks, servers, web applications, or services—overwhelming them with a flood of unwanted internet traffic and causing them to slow down or outright fail. Were this to happen to voting systems on election night, the consequences could be calamitous.

Making matters worse, DDoS attacks in general are on the rise. Numbers from Issue Five of our Threat Intelligence Report (out September 29^th.) show that DDoS attacks increased 15 percent in the first half of 2020, compared with the same time period of 2019. Even worse, they jumped 25 percent during the height of the Covid-19 pandemic lockdown from March-June.

Protecting Election Integrity Requires Threat Mitigation

Many local municipalities simply don’t have the IT expertise and resources necessary to stay on top of the latest DDoS threats, let alone mitigate these sophisticated attacks. This raises the question: How will we protect our election system and ensure a trusted outcome?

Fortunately, successfully defending against DDoS attacks is possible and can be achieved at the local level. But it does require the right tools and the right expertise. Effective DDoS protection necessitates deployment of purpose-built DDoS protection appliances and/or cloud-based protection services. These appliances act as a barrier and early warning system against a potential attack. Using hybrid solutions that combine both on-premises appliances and high capacity scrubbing centers, along with cloud-based mitigation services, municipalities can protect vital voting systems against the growing threats of attack.

Preventing our election systems from being exposed to DDoS attacks is just one of the many steps we must take to protect our revered institutions.