Secure Electronic Voting Through DNS

With the November 7 election looming, state and local governments are scrambling to secure their electoral systems.

With the November 7 election looming, state and local governments are scrambling to secure their electoral systems.

Manipulation of electronic voting machines has always been a possibility. The only difference now is the relative ease of pulling it off. It took hackers at the recent DEFCON conference only 90 minutes to break into a voting machine.

The threat is no longer theoretical, either. Investigators recently found evidence of tampering with voting machines in 39 states, with reports suggesting that the problem may be even more widespread.

Many election officials are lulled into a false sense of security by the fact that voting machines are not usually connected directly to the internet. Unfortunately, that doesn’t account for the many network-enabled inputs into modern voting machines. The computers that program the ballots, tally votes, report results and audit voting, are all connected to open networks, making them just as vulnerable.

Those vulnerabilities are not usually the result of direct “brute force” hacking. They often find their way in through phishing emails or other subtle points of entry. Once these advanced persistent threats are inside a network, it is very difficult to find and eliminate them.

DNS Data Can Detect EMS Hack

This is where Domain Name System (DNS) can play a critical role in securing election infrastructure.  Over 90% of malware uses DNS – its pervasive nature an ideal mechanism for infiltrating a network.

In attacks on voting systems, malware will search for the Election Management System (EMS) that sets parameters and formatting for ballots – the single point of entry for disconnected voting machines. A client facing DNS-based security system can identify these searches and trace their source. When suspicious queries are identified, DNS-based behavior policy can block all traffic from unauthorized computers.

The same holds true for tabulating and reporting results. When ballots are uploaded to a connected system, DNS security systems can identify and block any attempts to access, exfiltrate, or manipulate the information.

The security of voting systems is vital to the future of democratic government, yet the IT resources of state and local election commissions are woefully underprepared and underfunded. Few have dedicated network security personnel, let alone a method for vetting the security of voting machines themselves.

DNS-based security can serve as a vital cornerstone for a network defense security strategy that our electoral systems desperately need.


Published in:


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Enhance RBAC for Microsoft DNS and DHCP servers with Micetro

Learn how easy it is to implement enhanced role-based access controls for Microsoft DNS and DHCP server environments with Micetro.

Read more

Micetro 11.1 boosts DHCP management for Cisco Meraki SD-WAN

Learn how BlueCat Micetro 11.1 can help you overcome the limitations of Cisco Meraki SD-WAN devices to manage your distributed DHCP architecture.

Read more
Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more