As November’s U.S. Presidential election gets closer, cybersecurity risks to the government’s critical infrastructure are rising.
Those threats include phishing, malware, and ransomware scams designed to compromise voter registration databases and government email systems, according to the Cybersecurity and Infrastructure Security Agency (CISA).
The FBI and CISA issued a separate alert about Distributed Denial of Service (DDoS) attacks, warning that “with election day (nearing) … DDoS attacks are one example of a tactic that we have seen used against election infrastructure in the past and will likely see again in the future.”
DDoS ambushes flood government websites with illegitimate traffic to knock them offline or slow them to a crawl. According to Zayo’s report on the State of DDoS Attacks:
- DDoS incidents against government targets lasted an average of over six hours during the first half of 2024, up 41% from a year earlier
- Government targets suffered the longest DDoS attacks of any industry sector
Elections in other countries have already been targeted this year:
- DDoS incidents hit several French government sites in March ahead of the summer national elections
- Before voting in European Union elections ended on June 9, pro-Kremlin hackers flooded the websites of two Dutch political parties with over one billion HTTP requests on June 5
How DDoS attacks target elections
Many DDoS attacks don’t actually target the digital components of the voting or tabulation process. Instead, they overwhelm government websites that citizens depend on for services, whether it’s applying for Social Security or paying a parking ticket.
“Affecting essential services for the public has a big impact because it tends to sow public distrust in the government,” says Shawn Edwards, Senior Vice President and Chief Security Officer at Zayo.
During elections, these incidents are often calculated to undermine voters’ faith in democracy itself. For example, a foreign government might use state-sponsored DDoS to tamper with elections in Western democracies: a 2019 study concluded Russia was behind DDoS attacks during elections in Finland and Ukraine.
DDoS instigators may also target the websites of certain political parties or candidates.
“If a candidate’s stance on an issue is undermined by a DDoS attack that takes down their websites, it effectively silences their voice and impacts their campaign. Such attacks can also disrupt critical media events, limiting their ability to communicate with the public,” says Edwards.
Two such incidents were timed to upstage or sabotage political events last year. A DDoS onslaught hit several Swiss government websites right before Ukrainian president Volodymyr Zelenskiy delivered a live video address to Switzerland’s parliament. The website for Canadian Prime Minister Justin Trudeau was felled by DDoS traffic just hours before he met with Ukrainian Prime Minister Denys Shmyhal.
DDoS attackers crave attention
DDoS is also a favorite way for hacktivists to draw attention to their cause as a mass digital protest against a specific government’s policies or actions. During opening ceremonies for the 2016 Rio Olympics, hacktivist group Anonymous flooded Brazilian government websites with traffic to protest evictions in Rio’s poorest neighborhoods.
Hackers weaponize DDoS during elections because, like the Olympic games, they’re huge global events. “They’re looking for notoriety and visibility. Everybody’s watching elections worldwide, so they use those opportunities in order to make a statement,” says Edwards.
What governments can do
Government IT systems are particularly vulnerable to DDoS incidents because they’re vast, complex, disparate, and interwoven.
“Governments have much more of a diverse infrastructure architecture. Every government department or entity is different and there are micro functions within the bigger function,” says Edwards. “Government systems are highly interdependent, so an issue in one small area can cause significant disruptions across larger, critical systems.”
Plus, DDoS attacks are becoming easier to execute – even for the least sophisticated cybercriminal. “Anyone can go on the dark web and buy a DDoS-for-hire by the hour or the minute. Give them a fraction of a bitcoin and they’ll just point their bots to pummel any site you want,” says Edwards.
But governments can take bold, strategic action to protect their infrastructure and mitigate the effects so there’s absolutely no end-user impact for citizens. Here are top tips from Edwards:
- Disperse network traffic geographically: “Don’t have everything all in one data center in Virginia. Maybe put something on the West Coast or the EU or Canada. That just adds a bit of resiliency so you can move your traffic to different locations if DDoS hits.”
- Maintain adequate network capacity: “You need enough bandwidth in order to weather a DDoS storm.”
- Deploy edge networks, SD-WAN, or SASE: These can mitigate DDoS impact as part of a multi-layered security strategy.
- Get automated DDoS protection: Zayo’s DDoS Protection is a good example; it automatically reroutes nefarious traffic away from your network to “scrubbers,” so only legitimate traffic gets through.
“Zayo’s DDoS Protection provides that kind of dedicated visibility, proactive monitoring, and automated mitigation you need to really fight off attacks. Our team is there watching and doing this 24 hours a day,” Edwards notes.
By monitoring and analyzing all your IP traffic in real-time, Zayo’s DDoS Protection service alerts you to unusual patterns that could be potential attacks. While automated features save a lot of time and resources, you still have the ability to manually fine-tune as needed.
Our multi-carrier DDoS protection works across all your network traffic, not just Zayo’s. So even if you use multiple Internet service providers, it’s that much easier to scale up your capacity to fend off persistent DDoS attacks.
“Zayo’s DDoS protection and network services complement each other that way. It’s a very unique position because you have all that network visibility and telemetry you don’t get with another managed service DDoS offering,” says Edwards.
Zayo’s resilient fiber infrastructure, deep network visibility, scalable capacity, and strategic DDoS Protection service are designed to keep the most important government services safe and accessible when citizens need them most, on election day and every day.