During the run-up to the U.S. elections, several Mississippi state websites were knocked offline. Several sites were affected on the eve of the midterm elections. This ‘distributed denial-of-service’ (DDoS) attack was the most significant disruption of the day but did not succeed in interfering with the voting or counting process.
In a DDoS attack, the attacker enlists the help of (many) thousands of Internet users to each generate a small number of requests which, added together, overload the target.
It was later revealed that a pro-Russian hacking group took responsibility for the attack. The origin of the attack is of concern because it is speculated that if Donald Trump were to seek the Republican nomination for president for a third time, the level of Russian-backed activity would increase, with activities from Russia directed towards securing a new Trump term in the White House. This would mirror the situation that occurred in 2016.
Looking into this example of state-sponsored interference for Digital Journal is Daniel Selig, Security Automation Architect at Swimlane.
Selig begins by considering the security issues that surrounded the election: “Midterm election security has been on the minds of state governments for weeks, with at least 14 states activating the national guard to combat cyberattacks on Election Day. While many elections took place without incident, Mississippi state websites experienced a distributed denial-of-service (DDoS) attack for which a pro-Russian hacking group has claimed credit. Following the massive amount of Russian interference during the 2016 election, there has been much unease around foreign influence in US elections.”
Looking at the attack vector more generally, Selig finds: “Oftentimes, DDoS attacks are used during elections to result in large-scale disruptions or prevent people from voting. Since voting is the cornerstone of our democracy, it is essential that government organizations take the appropriate actions to ensure votes maintain their confidentiality and integrity, and voting infrastructure remains intact.”
The general concerns are at the forefront of some announcements from the U.S. government, as Selig points out: “Just last week, CISA and the FBI released a public service announcement (PSA) about combating DDoS election attacks. To further reduce the risks of election insecurity, government organizations should implement an all-encompassing platform that centralizes detection, response and investigation protocols into a single effort and helps security teams automate certain tasks.”
Furthermore: “Low-code security automation allows organizations to utilize streamlined detection and implement proper and effective incident response. Implementing these security controls can ensure top-notch protection and keep essential services like voting up and running.”