Election security has become one of the most talked-about cybersecurity topics in recent years.
With nation-state-backed cyber interference in the 2016 US election and the 2020 US election most famously confirmed, the need to keep the election process secure, at all levels and across all geographies, has never been more critical.
We had the opportunity to discuss election security with three executives from companies that contribute to different parts of the election security process:
Haim Zelikovsky - VP Cloud Security Services, Radware
Blake Wetzel - Chief Operations Officer and Chief Revenue Officer, TeraGo
Brian Lack - President, Simply Voting Inc.
Radware®, a cybersecurity and application delivery solutions provider, and networking, colocation and cloud services provider TeraGo Inc., recently announced the development of a security solution that protects online elections from potential cyber-attacks for Simply Voting, Inc. Simply Voting is a Montreal-based full-service provider of secure, hosted online elections, serving more than 3,000 different organizations (such as municipalities, universities, and unions) in 67 countries to safely execute their elections.
We dive into threats to election security, how security can improve, and what this latest announcement means for the bottom line of election security in this Q&A.
What are the common threats to election security?
Blake Wetzel, TeraGo: With the increasing operation of online voting, cyber-attacks, including large-volume floods of traffic aimed at disrupting the service, are the most common threats to election security.
In particular, a lot of the security complications arise at the firewall as it maintains all the connections allowed by its security policy, even for stateless protocols such as UDP or ICMP. The nature of this operation makes a firewall vulnerable to attack, requiring a full protection solution that detects and mitigates a wide range of network attacks.
Online elections require the absolute best security solutions in order to detect unknown traffic with unknown domain names. Consistent monitoring of the network data is essential to oversee its movement, adhere to data sovereignty regulations and prevent interference.
Brian Lack, Simply Voting Inc.: I'll answer specific to internet voting, as paper elections have their own security profile. There are many layers of threats to an internet voting system, including threats that are typical of any web application and some that are specific to elections.
Some typical areas of concern include:
Server penetration, exploiting vulnerabilities in server software or configuration
Eavesdropping on traffic, exploiting vulnerabilities in encryption (e.g. BEAST, Heartbleed, etc.)
Application vulnerabilities (e.g. SQL injection, cross-site-scripting, session hijacking, etc.)
Denial of Service (DoS) attacks
Electoral areas of concern include:
Ensuring the identity of the voter during authentication
Ensuring voter eligibility
Ensuring only 1 vote per voter
Preserving the secrecy of the ballot
Preventing malicious users (election organizers) from undermining electoral integrity
Vote buying & voter coercion
Transparency and auditability
Haim Zelikovsky, Radware: One of the biggest security issues about elections is the digitalization of the process. With the introduction of technology came a threat landscape that grew larger than some anticipated…or could control. For example, for a Denial-of-Service (DoS) attack to be successful, there must be a large number of users who are dependent on a service, like digital polling results.
Three common threats include:
Preventing access to electronic voting systems for legitimate voters using DDoS attacks.
Breaching the election systems for the purpose of damaging or changing the data in the voting process using web application attacks that leverage web app vulnerabilities in the voting systems.
Logging into the voting systems with stolen identity/credentials using malicious bots for Account Take Over (ATO) attacks.
In September, Radware published an assessment of recent DDoS attacks related to election processes around the world. Throughout the year, several countries have experienced service degradation caused by DoS attacks during their election processes. Typically, voting machines were not directly targeted during these attacks. Instead, malicious actors targeted the election infrastructure, reporting websites, and the ISPs themselves. These attacks were specifically designed to delay information such as polling results or to project political instability at a critical moment.
How does this new collaboration help combat election security challenges?
Brian Lack, President, Simply Voting Inc.: This joint implementation of an advanced DDoS protection solution completely and unequivocally strikes DoS off the list of threats, while enhancing our posture for secrecy of the ballot and man-in-the-middle threats.
Radware’s DDoS protection service monitors all traffic entering its network for large-volume floods that aim to disrupt the services. Features of this best-in-class protection include behavioral-based detection using advanced, patented machine learning algorithms to protect against known and unknown threats; protection against network and application-layer DDoS attacks; protection against encrypted flood attacks without requiring customers to provide decryption keys and without adding latency in peacetime; and extensive compliance options and certifications, unparalleled by any rival, including industry-specific certifications such as PCI and HIPAA, as well as cloud security standards such as SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, ISO 27032, etc.
Simply Voting enjoys the protection of an always-on solution that combines Radware’s DefensePro attack mitigation appliances with its Cloud DDoS Protection Service. The DefensePro locally filters all traffic entering Simply Voting’s private cloud infrastructure hosted at TeraGo data centers. If additional mitigation capacity is needed, the DefensePro automatically triggers a redirection of traffic to Radware’s cloud-based scrubbing centers. This hybrid solution leverages the real-time protection and minimal latency of an on-premise solution with the massive capacity of a cloud service that is activated on demand.
Common solutions for DoS attack mitigation, such as our previous provider (Cloudflare), were essentially a reverse proxy that was always on. The scrubbing center would constantly decrypt traffic from the end user, inspect it, re-encrypt it, and pass it on to our servers. This puts a lot of trust in the provider, as they could see and theoretically manipulate traffic in clear text. Obviously Cloudflare is "White Hat" and has robust security measures; however, this arrangement did add an element of exposure. The collaborative solution between Radware and TeraGo, on the other hand, provides excellent protection without handing over the decryption keys. Only the voting system itself may encrypt or decrypt traffic, even when it is diverted through the cloud scrubbing centers.
Blake Wetzel, TeraGo: With TeraGo & Radware’s combined DDoS protection service, companies such as Simply Voting can monitor all traffic entering their network for large-volume floods that usually disrupt the services. The service offers protection from all types of DDoS attacks, including network-layer and DDoS attacks. Unique features of the service also include patented machine learning algorithms to spot suspicious behaviours and the tactics, to protect against known and unknown threats, zero-day protection against network and application layer DDoS attacks, protections against SSL-based attacks as well as comprehensive compliance options and certifications.
How can election security improve?
Blake Wetzel, TeraGo: Today’s voting platforms require the highest level of security with superior real-time protection with minimum latency. In order to maintain these standards, voting platforms require secure and robust solutions to store and monitor their data. For instance, Simply Voting leverages TeraGo’s private data centres, which are consistently monitored for potential attacks. Should an attack occur, the combined TeraGo and Radware DDoS service will automatically detect the high-volume attack using proprietary AI and re-route to the cloud.
Haim Zelikovsky, Radware: Election security over the internet can be improved by implementing additional layers of cyber security to digital voting systems. It’s not only DDoS attacks that need to be blocked from voting systems. For example, you want your systems to be protected from web application attacks and bots that may use ATO attacks to try and log into voting systems with stolen identity/credentials.
How would you like to see election security move forward?
Blake Wetzel, TeraGo: We would like to help accelerate the success of voting platforms like Simply Voting by continuing to secure and support their critical applications so that they can improve voting processes and efficiencies for Canadians across the country. These platforms require real-time protection and preservation of voting traffic in order to give voters the utmost confidence in the outcomes and results. We hope, by continuing to partner with best-in-class brands, to deliver security services that will elevate Canadian voting.