Shielding the Ballot: Cutting-Edge Cybersecurity Tactics for Safeguarding Election Websites

June 22, 2023

security link on monitor with mouse hovering over it

It’s no question that election-related websites hold immense significance and face heightened scrutiny. Breaching these websites often yields significant political, social, and economic impacts, allowing adversaries to manipulate voter data, disseminate false information, or disrupt the registration and voting processes. As high-profile targets for cyber attacks, their protection is paramount. 

Imagine a successful attack on your government website.

During the 2020 U.S. Presidential election, Florida's voter registration website encountered a disruptive outage on the crucial final day of registration. Florida's Secretary of State blamed the crash on an unprecedented volume of traffic to the site. This raised concerns about the integrity of the site and whether it had been targeted by a coordinated denial-of-service attack, though an investigation determined that it was not the case. 

Further investigation revealed that the website's failure was attributed to its inability to cope with the sudden surge in user traffic. Although not classified as a cybersecurity breach, this underscored the pressing requirement for adaptable and dependable election infrastructure capable of efficiently managing substantial influxes of visitors, particularly during pivotal moments. Employing a scalable server infrastructure complemented by safeguards such as a Content Delivery Network (CDN) could have potentially averted such a disruptive occurrence, emphasizing the importance of robust technological measures in safeguarding the electoral process.

While this serves as just one example, its implications can extend far beyond the immediate consequences of breaches. 

That’s why at Interpersonal Frequency, we always recommend your primary focus to be Proven User Success. This means employing methods that guarantee both the public and government employees can seamlessly navigate and utilize digital platforms, including election websites. 

A Closer Look at How To Secure Your Election Websites

Threat actors frequently target state and local election websites through a range of malicious tactics, including Distributed Denial-of-Service (DDoS) attacks, phishing attempts, and ransomware incursions. 

Any one of these tactics can have a lasting impact, including the trust of your community and the national consequences of stolen data. You can start improving the security of your election website today.

 

Start with the Basics: Protections Your Website Must Have

To bolster your website's security and effectively handle network traffic, you need to make sure these essential elements are in place.

WAF (Web Application Firewall), DDOS (Distributed Denial-of-Service) protection, and CDN (Content Delivery Network) Protection.

While Cloudflare offers these services at no charge for municipalities hosting election-related websites, we recommend a comprehensive solution that covers all your websites. These cloud-based security and bandwidth-related services are now more accessible than ever before, with simplified configurations and significantly reduced costs, with some even being available for free to election websites.

Keep your content management system (CMS) and servers patched and maintained..

Even though it may seem like an obvious practice, keeping systems properly patched and up to date is a fundamental measure that is often neglected. 

For example, we have observed instances where customers exposed their Changelog.txt server files, granting direct access to version numbers. This creates an opportunity for savvy attackers to easily identify vulnerabilities. 

You should also consider replacing old CMS software with a decoupled CMS. By separating the front-end and back-end components, potential vulnerabilities are mitigated, reducing the overall attack surface.

User Education and Training.

User Education and Training play a vital role in safeguarding against cyber threats. By educating users and providing them with the necessary knowledge to recognize and steer clear of potential dangers, such as phishing attempts and suspicious downloads, we effectively empower them to act as a human firewall, protecting against cyber attacks. 

Level up your security best practices.

Here’s what you can do next to evolve your site’s security.

Consider a .gov domain.

We recommend using a .gov domain name -- which is only available to verifiable government entities in the USA -- over a .org or even a .com domain name for communities. Since the .gov domain name is restricted to governments, it not only creates greater trust from the public, but mitigates the domain name registration expiration issue we’ve seen a few government customers experience. 

Vulnerability scans

Conducting regular vulnerability scans on election websites is crucial for maintaining strong protection against emerging threats and instilling confidence in the security of critical infrastructure. Embracing this practice not only safeguards your digital assets but also provides assurance that proactive measures are in place to defend against potential breaches.

Sign up for CISA’s Cyber Hygiene Vulnerability Scanning.  This free-of-charge service proactively scans for known vulnerabilities within your systems, enabling the identification and patching of security weaknesses before they become targets for malicious actors. 

Install and monitor intrusion detection software

Intrusion Detection Systems (IDS) monitor network activities for malicious behavior, providing automatic alerts to administrators for potential compromises and security policy violations. This real-time protection enables immediate response to threats, minimizing potential damage and complementing existing preventive measures.

Here are some top recommended intrusion detection software that are open source (not a comprehensive list:

  • Snort: One of the most widely used open-source IDS platforms. Snort can perform real-time traffic analysis and packet logging, detect probe attacks, OS fingerprinting attempts, and much more.
  • Suricata: An open-source network IDS, IPS, and network security monitoring engine, Suricata is recognized for its high performance and versatility.
  • Zeek (formerly Bro): An open-source IDS that's highly flexible, supporting a wide range of network security monitoring tasks. Its scripting language allows for site-specific policies.

A Proactive Approach is the Best Approach. 

You should be preparing your election website’s security well before the actual election takes place.

Create a response plan.

Develop a comprehensive cyber response plan for potential attacks or intrusions, encompassing key personnel identification, communication protocols, system isolation procedures, data backup and recovery processes, and a public relations strategy. Regularly review and update the plan, ideally on an annual basis or when significant system changes occur.

Don’t forget tabletop exercises and drills.

Regularly testing your response plan through simulated incidents or tabletop exercises ensures its effectiveness and familiarizes stakeholders with their roles. By identifying gaps and inefficiencies in a low-stakes scenario, teams can make necessary adjustments and improvements, building confidence and preparedness for real incidents.

Join Elections Infrastructure

 ISAC, which is free for U.S. Elections Organizations.This organization offers services such as threat intelligence briefings, incident response assistance, and cybersecurity best practices, this network provides valuable support. It facilitates the timely exchange of threat information and fosters collaborative defense efforts among its members, ultimately enhancing the collective security stance.

In the face of ever-evolving cybersecurity challenges, ask an expert. 

If you don’t already, consider having a consultant like Interpersonal Frequency, who is familiar with your election website architecture and can provide support for you, particularly during peak times (during and right after elections).

Below are the commitments we made to customers during election week last year, which you can use as a guide as to what to ask for from your election-website related consultant:

  • We proactively monitored system performance using both automated and manual means (e.g., New Relic, Intrusion Detection Systems)  to help ensure any outside-of-normal patterns are detected. This includes monitoring all ingress/egress, HTTP/s services, and related ports. 
  • As a further precaution, we doubled on-call coverage after business hours with additional team members in case of any issues during the election day and the day after.
  • An additional security consultant will be available to our customers and our internal teams during election week.

Reach out to us to learn more about how we can fortify your website's defenses against malicious attacks and ensure uninterrupted access for users.