As technology has advanced, so too have the challenges that election officials face before, during, and after elections. Whether malicious influence from foreign or domestic interests, physical safety of voters and poll workers, or ensuring both votes and the personal information of the voters are securely transferred and accurately counted, election officials face many areas where technology creates vulnerabilities for the voting process.
However, technology also offers the tools to bolster protections throughout the election and voting process. As large events elevate security threats around the world, and increased web traffic and engagement spark even more interest in the coming 2024 elections, Granicus is working with election officials to increase awareness of election security and providing features within its products that continue its dedication to top-tier security for government agencies.
DoS and DDoS: an all-too-common cybersecurity threat
For almost as long as there have been digital solutions in the private and public sectors, there have been those parties who seek to abuse those systems for profit or other personal gain.
While the evolving battles in cybersecurity reflect a growth in technology, one of the most common types of threat facing digital government is one with perhaps the simplest premise: Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
This type of cyberattack occurs when a website, server, or network resource is overwhelmed with malicious traffic. As a result, the target crashes or is unable to operate, denying service to legitimate users and preventing legitimate traffic from arriving at its destination.
These kinds of targeted attacks can be harmful for any organization that requires a consistent flow of information and engagement. But for election officials working tirelessly on Election Night to gather and report large amounts of data in a short period of time, DoS and DDoS attacks can cripple the election process.
Some common types of DoS and DDoS attacks include:
- A network resource overload consumes all available network hardware, software, or bandwidth of the target. This can come from exploiting a server vulnerability, inundating servers with requests, or using a third-party server (a “reflector”) as an intermediary that responds to requests carrying a spoofed source IP address, so that its replies are delivered to the target.
- A protocol resource overload consumes the available session or connection resources of the target, preventing legitimate incoming or outgoing connections from conducting their intended business.
- An application resource overload consumes the available computing or storage resources of the target, impairing the target's ability to process any information.
Denial of Service attacks can originate from more than one attacking machine operating in concert, often leveraging a botnet (a group of hijacked internet-connected devices) to carry out large-scale attacks that appear to come from many different attackers. A botnet can even include Internet of Things (IoT) devices, such as those found in homes and offices, which often use default passwords and lack sound individual security controls, making them easy to conscript into a botnet.
As a result, DoS and DDoS attacks vary widely in scale. The more traffic a DDoS attack produces, the harder it is for an organization to respond to and recover from the attack, and the harder it becomes to identify the true source of the attack.
Phishing: Combining human interaction and technology for malicious purposes
While DoS and DDoS attacks leverage the anonymity of multiple computers to negatively impact an organization’s website, phishing takes almost the inverse approach, relying on an individual within an organization to provide access.
Phishing attacks rely on social engineering over email: an individual receives an email that is crafted to look like legitimate communication but contains links and/or attachments that allow the attacker to install malware on the user’s machine or capture their information, such as usernames and passwords. Common examples of phishing emails include:
- Informing the recipient that they need to change their social media password.
- Indicating they’ve signed up for a service that they can dispute by clicking the provided link.
- Including an attached document that installs malware when opened.
Text message-based phishing, known as SMSishing, is also common: an individual receives a text message with malicious intent, similar to email phishing.
These attacks may include an element of impersonation, where the attack is carefully crafted to appear to be coming from a person or company known to the recipient. A particularly insidious and all-too-common impersonation attack comes via a phone call, where an individual receives a call from an attacker posing as a known, trusted person in an attempt to extract information. This frequently takes the guise of a call from a technology support department claiming that a password reset is required and that the individual needs to provide their current password to verify their identity. Election officials can be at particular risk of these kinds of attacks, as scammers often pose as “government officials” as part of the impersonation.
While most people believe they would not fall victim to a phishing attack, the numbers suggest otherwise. A report from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI shows that more than 300,000 phishing incidents have been reported every year since 2021, far outpacing the other common types of socially engineered attacks on technical services. Notably, ahead of the coming elections, government impersonation attacks increased by 63% in the last year, with all types of impersonation attacks accounting for $1.3 billion in losses.
Preparing safeguards for the 2024 election
While any time is a good time to make sure organizations are best positioned to defend against potential cyberattacks, the upcoming elections mark a significant event that demands good cyber hygiene and a reinforcement of organization-wide best practices to maintain readiness.
CISA and the FBI recommend the following steps to best position organizations to defend against DoS and DDoS attacks:
- Identify services exposed to the public and any vulnerabilities that might expose those services on the public internet. Prioritize assets based on criticality and need for availability.
- Understand how users connect to the organization’s network. Users may connect onsite or remotely via virtual private networks (VPNs). By identifying potential network chokepoints and planning any mitigations that may minimize disruptions to key personnel, organizations can be better prepared to mitigate impact from potential attacks.
- Protect systems and services by enrolling in a DDoS protection service that can monitor network traffic, confirm the presence of an attack, identify the source, and mitigate the situation by rerouting malicious traffic away from the organization's network. Organizations should enroll in a DDoS protection service after completing a review of critical assets and services.
Many organizations already have security features in their current systems that are underutilized but can make a significant impact on security, such as multi-factor authentication (MFA), email filters that identify and block malicious content, and Domain-based Message Authentication, Reporting and Conformance (DMARC) to better verify the authenticity of messages.
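To make the DMARC point concrete, here is an added example (not code from the original post or from Granicus) that parses a domain's DMARC TXT record and flags settings that still let an impersonator's mail through. The domain names and records are constructed samples.

```python
# Added example: assess a DMARC TXT record for settings that leave a domain
# open to impersonation. Domains and records below are constructed samples.

# Constructed records as they would appear in a _dmarc.<domain> TXT lookup.
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "strong.example": ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                       "pct=100; rua=mailto:dmarc@strong.example"),
}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into lower-cased tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def assess_dmarc(record: str) -> list:
    """Return a list of findings; an empty list means the record is strict."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"p={policy or 'missing'}: spoofed mail is still delivered; use p=reject")
    # The subdomain policy (sp) defaults to the main policy when absent.
    if tags.get("sp", policy).lower() != "reject":
        findings.append("sp: subdomains can be spoofed; set sp=reject")
    # Relaxed alignment lets any subdomain of the domain pass; strict requires an exact match.
    if tags.get("adkim", "r").lower() != "s" or tags.get("aspf", "r").lower() != "s":
        findings.append("relaxed alignment: set adkim=s and aspf=s")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct<100: only part of the mail stream is policed")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports, so abuse goes unseen")
    return findings
```

Running `assess_dmarc` on the two sample records shows three findings for the weak record and none for the strict one.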
Establishing internal best practices and routines can also help prevent socially engineered attacks such as phishing. Some common considerations include:
- Join the Center for Internet Security’s Elections Infrastructure Information Sharing and Analysis Center. This group works closely with election officials and security and technology personnel to provide the highest standards of election security, including incident response and remediation through a team of cyber experts.
- Implement and rehearse an incident response plan so that staff are prepared to act should a cyberattack take place during the elections.
- Never share passwords or accounts.
- Ensure users of the software are onboarded with training and remain authorized.
- Define, limit, and closely control system administrators.
- Immediately deactivate system access when an employee leaves the organization.
- Test push-based communications with both internal and external test sends.
- Test web property updates before they go live.
- Capture and maintain a map of the organization’s webpages and landing pages so that it is clear what the public sees on the website.
- Remind staff to stay vigilant and escalate any suspicious activity.
How Granicus safeguards its systems and customers
As a supplier of critical-level tools to local, state, and federal governments, Granicus always maintains a focus on security of the data of our customers and the citizens they serve. This includes maintaining a 24x7x365 Security Operations Center and a wide array of security capabilities to protect the various parts of our technology ecosystem.
Elections have historically brought with them a heightened cyber threat environment, and 2024 is no different. There has already been a large amount of threat intelligence indicating that threat actors are planning to target election-related infrastructure and government systems, such as websites.
Granicus is taking a number of steps, some of which are outlined below, to review and prepare for this reality.
- Focusing on DDoS: We are placing particular focus on our web (CMS) products, as these are typically the most at risk from this type of attack. Our web products, such as Vision and OpenCities, are fronted by industry-leading traffic scrubbing companies such as Akamai. These companies “scrub” all traffic to the websites we host for our customers, identify malicious traffic, and protect against DDoS attacks.
- Protecting email and data: As discussed earlier in this document, phishing is the most common vector by which breaches are initiated. To protect against phishing attacks, Granicus operates an industry-leading inbound email gateway that analyzes all incoming email and prevents delivery of anything it deems malicious. This email gateway works in a layered defense model with other capabilities, such as a Secure Web Gateway, that block navigation to malicious sites and downloads of suspicious files. As part of our election preparedness efforts, we are reviewing the policies in these capabilities and strengthening them where appropriate. Additionally, we are providing extra awareness training (above and beyond our ongoing security awareness program) to our employees to reinforce that vigilance is critical.
- Receiving and operationalizing current threat intelligence: Robust, relevant threat intelligence is one of the most valuable tools in a cyber team’s toolbox. Granicus consumes a number of commercial threat intelligence feeds and fully operationalizes them into our various security capabilities. For example, threat intelligence such as specific indicators of compromise (IOCs) is incorporated into our Endpoint Detection and Response tooling to ensure that we can identify any sign of the activity associated with that intel. To prepare for the election, Granicus is driving further integrations of our existing threat intel providers and procuring additional intel to ensure a complete view of the threat landscape we face.
We’re also taking additional security steps as the election approaches.
Due to the importance of election integrity, and out of an abundance of caution, current Granicus solution users will experience a code deployment pause from Oct. 23 through Nov. 6.
However, the 24/7/365 white-glove support that comes with Granicus will continue to provide support and direction as needed throughout the election cycle and beyond.
Learn more about how Granicus solutions can create secure digital experiences for your organization.