Cloudflare TV

2020 U.S. Election: Cybersecurity Analysis

Presented by Jocelyn Woolbright, Marc Lamik
Originally aired on 

At Cloudflare, we have the ability to identify, learn and analyze attack trends targeted at websites that provide authoritative election information. Join Cloudflare's Jocelyn Woolbright and Marc Lamik to discuss the 2020 election dashboard powered by Radar, analysis of our findings, and lessons learned during the 2020 U.S. election.


Transcript (Beta)

We're live. So hi, everybody. My name is Jocelyn. I'm the program manager for many of our corporate social responsibility programs here at Cloudflare.

And so I actually recruited Marc to this session to kind of talk about one of our new products called Cloudflare Radar to kind of learn about that.

And then we're also going to talk a little bit about the 2020 US election and some interesting findings that we that we had from a lot of our election participants and just kind of talk through, you know, what Cloudflare did in that space.

And I think it's actually really timely with our Radar product because as you know, we're going to talk about today, Radar is a really interesting product to kind of get an overview of traffic patterns, threat intelligence, but we'll definitely get into that a little later.

So Marc, thanks for, you know, coming on this session with me.

Thank you for recruiting. Yeah, perfect. So Marc, when did you, when did you start at Cloudflare?

And like, what's kind of like a little bit about your background and how did you start specifically working on Radar, for example?

Yeah, well, I started now 10 months ago as product director here in our Lisbon office.

And yeah, one of the first things when I joined the company, what I got to hear from a lot of people, hey, there's this new thing we're going to build, and we need to build and we're talking about it for years already.

We want to share like information and knowledge on the Internet that we want to want to share with the public and that we are having a unique point with Cloudflare have been like in the center of the Internet and being able to share that information.

And yeah, then talked to a ton of people in the company and found out what we actually can share and want to share.

And in the end, we came out with like something we were able to kind of give an overview about like the Internet traffic all over the world, giving insights over like threats that we see and that we are able to mitigate and also like giving insights into trends and like technology trends that are currently happening on the Internet and that were like kind of in or like that are already influencing how the Internet works.

Yeah, it's interesting.

So I work on the policy team. And whenever you know the idea of Radar came out, I think it was really exciting because, you know, we get to see a lot of interesting types of attacks against, you know, all of the groups on Cloudflare and, you know, in a very privacy centric manner, but like being able to share that information is also, I think, really useful for others who who work in that space.

So, you know, when you think about Internet trends, it's really useful to kind of dive into that information and figure out, you know, what is the most useful information.

I think one of the whenever Radar was kind of, you know, talking about it.

One of the examples was like, for example, like if a journalist wanted to know what social networks people were using, you know, in a specific country, that's really interesting information they can use and we're able to provide that information.

So again, you know why we built Radar, what do you think the main like use cases for Radar are and what do you see you know, primarily like how the product started, you know, like where we are now with it?

Yeah, I think use cases are like super diverse.

It starts from from like the interested like person who wants to get to know more about the Internet and wants to kind of see how different events are reflected on like the Internet traffic or like other like other KPIs on the Internet.

On the other hand, there's also like people who do it more for a professional sense like you mentioned journalists that are really, that need like really solid base of information.

And that's also something we want to provide.

So it's a very interesting mix of people using Radar from obviously people within Cloudflare like yourself to journalists, but we also like get a lot of feedback on Twitter, on Reddit from people who actually use Radar and find like interesting information for their work and their company or like just for interest.

Yeah, definitely. And I think it's actually probably useful.

Like, do you mind kind of pulling Radar up and we can kind of go through some of the high level points of how you know people use Radar.

I think it's, I love the dashboard.

So it's really easy to use and it's really easy to navigate.

But curious if we can kind of like dive deeper in some of the points that that Radar covers.

Yeah, let me quickly share it with you. So now you should be on Radar.

And so this is the the general overview on Radar. What we launched beginning of this year is kind of to give it as like a sub page on like how Internet was in the last year.

So we can dive into that maybe in a minute. Overall, this is the general dashboard.

So you're getting like the behavior of like Internet traffic over the last 24 hours or like longer timeframes.

You're able to see the top domains for like globally or for a specific country.

I think when you look into that there's like the classic top players there in the in the top 10 so nothing that that should come too surprising.

Then we're coming to the more Internet security related part.

So we are visualizing like how the distribution of DOS attacks was over the selected timeframe, including like where did we see those attacks coming from on what protocols.

We also showing application layer attacks, layer seven attacks that were mitigated by our DOS or firewall systems and how they kind of evolved over the last time.

And the last one is really about what I mentioned, like the trends that you can see on the Internet, which is new technologies like HTTP 3, which we see here.

How's the adoption going? How is it changing over time?

Similar like to new TLS to the new TLS standard, but also really interesting.

You can see like how much of the Internet is made out of bots or like automated traffic and human traffic.

And you can actually also filter like all the different graphs by human bot traffic.

You can see that during the day when people are at work, desktop traffic is higher.

And then when people go home and travel, then actually mobile traffic or travel like on the public transport, then actually the mobile traffic goes higher.

Things like that. So it's interesting to just dive in to look into some information.

And then you can get a good overview.

When we look at the year review, that was really about traffic patterns, how they changed.

So for example, Lisbon over time in the last year, you saw, you see, when the lockdown happened, the traffic patterns really changed in different regions of the city.

You could also look that up for other cities like Washington, how like you see like no lockdown, lockdown.

There's like kind of interesting change, traffic distribution.

Similarly, so it's a lot of information to scroll through how the like websites change.

So from entertainment and e -commerce, and you could see like the difference over the year.

And as well like cyber attacks.

Yeah, it's interesting on the cyber attack side saying, you know, since so many people are moving online, you know, what types of risks are associated with that.

And like, we've seen that a lot in the election space. So it's interesting to see, you know, at a higher level, like what this move online means for people and cybersecurity just in more of a general sense.

So thinking about kind of the back to one of your points about the bot traffic.

So is that, you know, common to see almost like half of the traffic, you know, coming from bots compared to humans?

Is that pretty normal in terms of just Internet standards? Or, or for me, somebody who's like works on the policy team, it's really shocking to see kind of bot traffic just in general, but curious as to, you know, what you think about that.

But this is something we're like we're already seeing for like a long time.

So there's nothing that surprises us. There's a lot of automated traffic.

It's not like bots doesn't necessarily mean like a bot that is built to do harm or like kind of to be intrusive.

Also, like a lot of devices, like automated traffic, if we think about connected devices, they always call like home to, to their supplier, like every all the devices that are connected, all your computers often call different, different sites, like automatically, or different API.

So there's always a lot of automated traffic on the Internet. So it's really not a big surprise, but it, it, it really can change if you're not kind of able to filter it out, it really can change like the patterns that you're seeing.

Yeah, definitely.

That's, that's really interesting. So I think one of the, one of the main the main UK use cases that I, I see a lot with radar is things like Internet shutdowns.

So in those cases, we see a lot of this, you know, in the election space.

So for example, in Uganda, in January 2021 and Myanmar, which is the beginning of February.

So like intentionally shutting down or restricting access to the Internet is really interesting in terms of, especially during a health crisis such as COVID.

So on the Cloudflare side, what does that look like when you know there is an Internet shutdown in a country, for example, like Myanmar, for example.

Yeah, when we look at Myanmar here, for example, and we see that the Internet has actually been shut down, like regularly, we see like there's always a few hours during the night, where there's really literally close to no Internet traffic that we are seeing from Myanmar, and then it goes up again, you see that there are some days like on the weekend where the Internet was not shut down, where there's kind of always like a level of traffic that we are seeing so it's really, yeah, it is, it's very visible all over the world that when when the attack gets gets shut down in certain countries and that's something that yeah we're also able to to make visible to everyone with Cloudflare radar.

Yeah, and I know whenever we wrote a blog post, specifically about Uganda so whenever they had the election in 2021 the government had shut down the Internet for a while and it's actually really interesting to see, for example, that, you know, these types of shutdowns are gaining attention in the world.

And, you know, the reason is to try and like stop communication for things like if there's protests going on.

And they're really used for political purposes and it's really just been on the rise so we have a partner to Galileo that kind of tracks these types of Internet shutdowns and kind of trying to understand, you know, access to information, but it's, it's interesting and really of these types of shutdowns only really a fraction of them are acknowledged by, you know, governments or entities that order them so it's interesting with Cloudflare radar because like you know you can see these Internet shutdowns are happening and like for example with Uganda, the blog post you can see Internet traffic and then it just spike all the way down and stay, you know, at the bottom for a really long time but it's also you know interesting to see like the top sites that that people in that country are visiting so typically, you know, you might see like social media sites being some of the top ones that people are trying to, you know, like, spread information to the outside world about you know what's happening in the specific reason region.

So it's actually cool to be able to see it, you know, the changes Internet traffic and I know a lot of researchers and journalists in this area, really are trying to understand you know what is happening at a high level and I think radar is a good, a good product for that.

That's great. I think we have like a lot of a lot of products so we're it's work in progress, and we are like kind of improving it on a day to day basis there's a ton of more things we want to add, we want to kind of really be able to notify.

When we see like for example an Internet shutdown, we were able to kind of visualize the US election security from the from an Internet side and kind of the traffic patterns there.

So we really want to want to focus on those events, but also like on things that are less, less critical like the Super Bowl, which obviously for a lot of people is very critical but less than a security sense, where we also shared like a lot of information that we saw how this was how the Internet was impacted by such an event.

Yeah, it's interesting with the Super Bowl so for example, one of the things that I see a lot in the election space is like, you know, you see unexpected influxes of traffic, some of them are you know malicious types of DDoS attacks targeting state and local governments that are running elections, you know, with the goal of trying to take it down, because the whole idea is you know trying to just to have more distrust hackers are trying to promote more distrust in the system and making sure that these websites stay up is really important.

So there's a malicious DDoS side but there's also like the unexpected spikes and legitimate traffic, which I think is pretty similar to what the Super Bowl is so like people are trying to just like look up the score of what's happening in the game or like look at the interesting ads that people have posted so it's actually interesting to see, like the malicious side but it's also the unexpected spikes in traffic, which can just be just as dangerous as the malicious side so it is pretty, pretty cool to see that.

Yeah, and we have a, we have shared a blog post actually on the Super Bowl, where we analyze the traffic to the homepages of the advertisers during their when their ads were ad.

And that was kind of that's really interesting to how, how the Internet reacted and how people kind of access their access the advertisers premises on the Internet.

Yeah, definitely. That is really interesting. So, for you know you talked a little bit about like the future of radar but what are some, some ideas that you have that you'd like to incorporate with radar any you know soft plans for.

I know a lot of great uses for radar especially you know in the policy space and and the project Galileo space but curious as to what other ideas you're thinking about.

Yeah, like what I just mentioned want to be like quicker and notifying about changes, we want to be really, really fast and letting people know what what changed but we're also.

We want to show more information on on events that are happening and and like for example when last year we actually saw when the Queen's Gambit, like the Netflix series was released we saw a huge spike in traffic to chess pages, which is interesting because people like one out of out of more or less nowhere got interested in chess, and really be able to share those information with with the world and kind of make it make it visible.

And that's something that we're working on.

We just launched, like a functionality to to share like all of our graphs on social media so you can directly put it on your Twitter if you see something interesting.

And to really make it very accessible for everyone to get this information.

Yeah, that's really, that's really great. I'm happy that we got the chance to chat a little bit about radar.

Cool. Yeah, shall we, shall we talk a bit about about we already mentioned elections and the 2020 elections I think was like one of a kind in the US, and we've we've done a lot to make sure that those elections from a cybersecurity side are safe and and secure so maybe you can talk a bit about like the different projects that we're having, and where we helped to make to secure those elections.

Yeah, so we, we do a lot in the election space at Cloudflare and I think specifically for the 2020 elections, you know, going into it was probably one of the most divisive elections I think everybody can agree on that.

But we have a lot of different projects that support many of these, these players in this space so for example, we have Project LAO which we work to provide you know a free set of services to kind of the most vulnerable organizations so for example, human rights organizations, a lot of nonprofits that are working, specifically, you know, in the election space so under Project LAO we protected.

For example, the US Vote Foundation, so they work and helping provide voting to oversee overseas voters so things like absentee voting, how to register to vote.

And then we also provided a lot of services to types of, you know, sites that were providing election results.

So that was a really interesting development under Project LAO.

And then, for example, for the Athenian project so that's where we provide services to state and local governments that run elections.

So think about, you know, in the US, you know, I have a specific county that I vote in, I go to that county website I registered to vote on election night I was, you know, refreshing my county page to see, you know what the tally was for the specific voting.

So that's a really been a target of a lot of a lot of people are targeting those types of election sites to take them down so people don't have access to authoritative information so we've always been trying, you know, our mission is to help build a better Internet and it's really important that these types of sites stay up.

So it's really why we provide these types of services to state and local governments.

And then we have kind of on the campaign side.

So we worked with a nonprofit organization called defending digital campaigns that got approval from the Federal Elections Commission in the US, which is basically the body that allows you know decides what types of campaigns, you know, finance laws, a lot of legal fun jargon, but, um, so basically we were able to provide a free set of services to federal campaigns.

And it's interesting to see kind of the dynamics between all of these types of election entities.

So for example, like organizations that work in helping provide you know oversee ballots, or, you know, posting election results were so well tuned to to shift during COVID, because like all of their operations were online anyway.

So it was like they needed a set of services they were very well suited to for this COVID environment, while other players in this space like campaigns and like state and local governments, it was definitely a big challenge because it's like, Oh, like, there's this huge health crisis that's going on, how do we change the way that people vote, which is, you know, hard to get people to do anyway, but it's interesting to see kind of those dynamics between the many entities in this space.

Yeah. Like, how, like, how would you say, what were like the biggest impact of COVID, which was the main topic in 2020 next to like US elections.

What were like the big impacts on the elections in general that that the country had to cope with.

So I think probably the biggest impacts was were things like a lot of state and local, a lot of counties were basically, they were, they had less voting polling places, and they really tried to push vote by mail.

So for example, you know, the months before elections they were like, you know, it's trying to figure out the safest way for people to vote with something like vote by mail.

So they were really trying to push those types of efforts and many states hadn't even had never done vote by mail.

So then it was like, okay, how do you, you know, organize the way that we do this when it's already a very decentralized voting system.

So like in the US it's, it's really crazy to think that like you know the each state has their each state and each county has their own way that they vote.

So how do you take a whole like all 50 states with so many different voting municipalities and and try and organize it in a way that people can safely vote, and that was one of the things like vote by mail was a huge push for a lot of people.

And then on the campaign side.

It was interesting to see like one of the things with political campaigns you know they do rallies, they go like door to door to get people to like get more information about their candidates so it's like all of those operations now had to move online.

And it's interesting to see kind of the tech savviness of a lot of people in this space, because you know a lot of campaigns don't necessarily know how to secure their their website or, or the importance of things like SSL, or, you know, move to working from home instead of in a, in an office so it was like trying to figure out the best way to help many of these players in the space.

So we had a big team at Cloudflare that was really, you know, on election night we really have like a team that was ready to help anybody that had any issues.

So it's actually nice to see you know everybody at Cloudflare get together and, you know, try and collectively make sure that like this election is safe and secure and you know helping in one small way to ensure that so it's actually really exciting.

If you if you're looking like back now election is already like three months ago, and the new president is in office, what would you say what I kind of the biggest learnings, and the main lessons that we saw from like the 2020 elections and where, where we were able to help and where we may be able to help even further in the future.

Mm hmm. Yeah, I think there's there's so many, there's so many lessons when it comes to 2020 and like looking back three months ago I think like my work life was so different.

And it was actually really interesting because I got to, like, with COVID going on, talking with so many different state and local governments like there's so many lessons learned in terms of like technical ability.

So for example, a lot of these, we have counties that sometimes only have one IT person.

And it's interesting because you know they don't necessarily know how to secure their county website or what types of vulnerabilities are out there.

So like them coming to Cloudflare looking at us is really the experts and trying to figure out how to secure them properly was like one of the biggest lessons that we learned and being being able to talk about our services in a way that makes sense, and trying to provide that extra level of support was really important because part of the part of our part of elections is building trust, and we have to build trust between the election entities that use us.

So it's a really interesting relationship of, you know, providing these free types of services and really showing them the value of these services, even though they might not necessarily So, in most cases I see that many counties like they get a couple thousands of visitors a day and then it like it shoots all the way up to the hundreds of thousands on election night.

And their website just can't handle all of that traffic at once. So it's, and it's legitimate traffic most of the time so it's people trying to like look at election results.

So that's one of the things that I think is probably the most interesting part, and also the collaboration side.

So we worked with a lot of a lot of entities in this space, including organizations that you know a lot of our Galileo partners that work in the election space and helping support a lot of these entities.

And then we also worked with like a lot of different types of government so we gave a presentation to the Department of Homeland Security like the Friday before elections.

Basically saying like in the call there was like 200 county counties that were on the line.

And we were talking about things that we've seen again attacks that we've seen against you know election infrastructure campaigns organizations that work in the space.

And just like highlighting at a high level like what you need to make sure to to keep your website safe so we always, you know, stress like have some type of DDoS protection in place like if you have spikes in traffic like, what do you do, do you have those types of security protocols in place on the encryption side like making sure that, you know, trust in elections is really important and if you go to a website and you see you know in the browser that says not secure on a page that you're putting your voting information and like, it's kind of like, oh, like, is, should I be doing this like this is actually you know I don't know if I trust this so like that lock means so much in terms of what people perceive whenever they go to a site.

So we always like stress that and then things like a web application firewall so we actually saw on this election like for state and local governments we saw more types of attacks that we're trying to exploit common vulnerabilities.

So trying to get into internal systems to, you know, access sensitive data, when on the campaign side we saw more DDoS attacks so you know the idea of a DDoS attack is trying to take the site offline so people can't visit it, not necessarily like steal sensitive data.

So it's interesting to see those two comparisons and show like hey like if you have Cloudflare like you're good on the DDoS side, but you're also good on the, you know, the vulnerability side because like we provide a WAF and it's basically, you know, just turning on that WAF and doing a couple different things.

So it's interesting to see those types of lessons that we learn and trying to explain these things.

And you know the more that we work in this space, the more that we can, you know, we can expand our offerings So we're trying to think about, you know, like election security is not only an issue in the United States, you know, like as we talked about with like Internet shutdowns like Uganda shutting down the Internet after the election like, you know, this isn't only a problem in the United States, like it's it's everywhere so we're trying to figure out like, how do we go forward in helping other types of countries, you know, make sure that their websites stay up that they're secure so they can you know participate.

You know, in their democracy and promote trust so it's interesting to see kind of the future of where we go with this because I think it's actually really, really bright.

Yeah. So, you mentioned like other countries what what like how is like for if if someone from from another country wants to get more information or wants to kind of know if they are eligible for for our, our election support how can they they get in touch with without that.

Yeah. So, for example, if you are a campaign that works in this space that you know around the world you can always go to our clubs are for campaigns landing page.

So we have an offering that you know provides these types of services to political campaigns abroad.

And one of the things that we we think about a club on that side is like understanding campaign finance laws.

So if you think about it in the US, we worked with a partner to provide these types of services but you know each country has their own different types of laws so you know if anybody applies we we try to take those into consideration and do as much research as we can.

And then on, you know, the state, the, the kind of election commission country wide side.

We're always looking to figure out how we can expand the project and the more people we have interested in these types of services, the more we can figure that out and we work with a lot of really great partners in this space that work in you know providing technical expertise to, you know, countries abroad, a lot of emerging democracies to try and help them on the technical side.

So we do a lot in that space and they can go to the Athenian project landing page, and, you know, get more information because you know I love working on these projects and I love figuring out how we can help others around the world so I definitely welcome those types of applications.

Cool. Yeah, I guess that that was a really good summing up and I think, yeah, I hope there's a lot more opportunity to make election safe and to have safe elections all over the world.

Thank you so much for inviting me.

And thank you. Have a yeah and everyone have a good day.

Yeah, thanks. I'll talk to you later Mark. Bye.