Secure Electronic Voting Through DNS
With the November 7 election looming, state and local governments are scrambling to secure their electoral systems.
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.With the November 7 election approaching, state and local governments face increasing risk to electoral systems from easier-to-execute attacks on electronic voting infrastructure. The article explains that modern voting ecosystems include network-enabled inputs—computers that program ballots, tally votes, report results, and audit voting—that can be probed via phishing and other subtle intrusion methods, allowing advanced persistent threats to find and remain inside networks. It argues that DNS-based security offers a practical, client-facing detection and blocking capability for malware activity (over 90% of which uses DNS), enabling identification of EMS-directed searches and prevention of unauthorized access, exfiltration, or manipulation of election data amid underfunded local IT operations.
Why are modern voting machines vulnerable even if they are not connected directly to the internet?
Modern voting systems are vulnerable because they rely on network-enabled computers around the voting machines that perform critical tasks—programming ballots, tallying votes, reporting results, and auditing. Those support systems are often connected to open networks and can be compromised via indirect pathways such as phishing or other subtle intrusions. Once attackers establish an advanced persistent threat inside these networks, the disconnected voting machines can be reached through the compromised management systems, making direct internet connection of the voting machines unnecessary for an attack to succeed.
How can DNS-based security detect attempts to compromise an Election Management System (EMS)?
DNS-based security can detect attempts to compromise an EMS by monitoring and analyzing DNS queries from hosts within the network. Because more than 90% of malware uses DNS for communications, a client-facing DNS security system can identify suspicious queries that indicate malware searching for an EMS or attempting command-and-control interactions. By tracing the source of those queries and applying DNS behavior policies, the system can block traffic from unauthorized devices or destinations, thereby preventing malware from locating, accessing, exfiltrating, or manipulating EMS data used to program ballots or report results.
What operational challenges limit election commissions' ability to secure voting infrastructure, and how does DNS security address them?
State and local election commissions often lack dedicated network security personnel and sufficient funding, leaving them without robust methods to vet and protect voting machines and their supporting systems. These resource constraints make it difficult to detect advanced persistent threats that enter via phishing or subtle vectors. DNS-based security provides a practical cornerstone for defense because it leverages a pervasive network service to detect and block malicious activity with lower operational overhead: it identifies malware behavior through DNS queries, traces suspicious sources, and enforces behavior policies to block unauthorized traffic, offering protection even when specialized security staff or extensive resources are unavailable.
With the November 7 election looming, state and local governments are scrambling to secure their electoral systems.
Manipulation of electronic voting machines has always been a possibility. The only difference now is the relative ease of pulling it off. It took hackers at the recent DEFCON conference only 90 minutes to break into a voting machine.
The threat is no longer theoretical, either. Investigators recently found evidence of tampering with voting machines in 39 states, with reports suggesting that the problem may be even more widespread.
Many election officials are lulled into a false sense of security by the fact that voting machines are not usually connected directly to the internet. Unfortunately, that doesn’t account for the many network-enabled inputs into modern voting machines. The computers that program the ballots, tally votes, report results and audit voting, are all connected to open networks, making them just as vulnerable.
Those vulnerabilities are not usually the result of direct “brute force” hacking. They often find their way in through phishing emails or other subtle points of entry. Once these advanced persistent threats are inside a network, it is very difficult to find and eliminate them.
DNS Data Can Detect EMS Hack
This is where Domain Name System (DNS) can play a critical role in securing election infrastructure. Over 90% of malware uses DNS – its pervasive nature an ideal mechanism for infiltrating a network.
In attacks on voting systems, malware will search for the Election Management System (EMS) that sets parameters and formatting for ballots – the single point of entry for disconnected voting machines. A client facing DNS-based security system can identify these searches and trace their source. When suspicious queries are identified, DNS-based behavior policy can block all traffic from unauthorized computers.
The same holds true for tabulating and reporting results. When ballots are uploaded to a connected system, DNS security systems can identify and block any attempts to access, exfiltrate, or manipulate the information.
The security of voting systems is vital to the future of democratic government, yet the IT resources of state and local election commissions are woefully underprepared and underfunded. Few have dedicated network security personnel, let alone a method for vetting the security of voting machines themselves.
DNS-based security can serve as a vital cornerstone for a network defense security strategy that our electoral systems desperately need.
Published in:
BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
Related content
BlueCat DDI data boosts Cisco Cloud Control AI-driven operations
BlueCat’s integration with Cisco Cloud Control provides AI agents with access to trusted DDI data for network investigation and remediation.
Automate your DDI modernization path by migrating with Micetro
Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.
How to map your network with user-defined links in Integrity X
Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.
Your journey to intelligent NetOps begins at Cisco Live
Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.