In Election Year, Cyber Defenses are Essential


On February 6, 2020, CNN reported that a recent US Government Accountability Office report found that the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) “is not well-positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle.” That’s unsettling, given that the country has just begun conducting presidential primary races, and just finished three years of high-profile investigations into foreign meddling and interference in the 2016 US elections.

And, to add to the concern, last week BleepingComputer reported that the US Federal Bureau of Investigation (FBI) issued a Private Industry Notification (PIN) to report a distributed denial of service (DDoS) attack on a state voter registration site. The FBI did not indicate which state voter registration system had been impacted, and it was not disclosed what, if any, impact the DDoS attacks had on voter registration or records. In a democracy the ability to vote is one of the most sacred rights, so one would hope that none of the constituents in that state were blocked from registering while the site was under attack.

According to the FBI PIN seen by BleepingComputer, “The FBI received reporting indicating a state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack.” According to the FBI, “The requests occurred over the course of at least one month in intervals of approximately two hours, with request frequency peaking around 200,000 DNS requests during a period of time when less than 15,000 requests were typical for the targeted website.”

The good news is that it is possible to mitigate PRSD attacks, using deep packet inspection and Corero’s SmartWall flex rules, for example. An automated DDoS protection system can immediately detect malicious packet flows, formulate mitigation filtering rules, and apply these rules, on the fly, without any intervention from security analysts or network operators.

The DHS CISA offers a list of guidelines for handling DDoS attacks; unfortunately, those guidelines are somewhat lacking. For example, one of its recommendations is “The best way to detect and identify a DoS attack would be via network traffic monitoring and analysis.” Actually, most modern DDoS attacks are relatively small in volume, and short in duration, so they often go undetected because they fly beneath the radar of security systems not specifically designed for DDoS protection. Another piece of advice from that government list is “Enroll in a DoS protection service that detects abnormal traffic flows and redirects traffic away from your network. The DoS traffic is filtered out, and clean traffic is passed on to your network.” Truth is, not all DDoS protection is equal; if CISA is suggesting that organizations should rely solely on an out of band scrubbing service, that has major disadvantages, as we previously discussed here.

As the election season heats up, government agencies and political campaigns must take steps to improve their cybersecurity postures, and they should start by implementing effective DDoS mitigation. DDoS attacks are among the most common, easy and inexpensive attacks in the cybercriminals’ arsenal, yet they are now sophisticated enough that they are typically impossible to stop without an effective, always-on, real-time DDoS mitigation solution.

For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments, without the downtime, or hassle, associated with other solutions. If you’d like to learn more, please contact us.

Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.