All posts by Jocelyn Woolbright

Protecting vulnerable communities for 10 years with Project Galileo

Post Syndicated from Jocelyn Woolbright original

In celebration of Project Galileo’s 10th anniversary, we want to give you a snapshot of what organizations that work in the public interest experience on an everyday basis when it comes to keeping their websites online. With this, we are publishing the Project Galileo 10th anniversary Radar dashboard with the aim of providing valuable insights to researchers, civil society members, and targeted organizations, equipping them with effective strategies for protecting both internal information and their public online presence.

Key Statistics

  • Under Project Galileo, we protect more than 2,600 Internet properties in 111 countries.
  • Between May 1, 2023, and March 31, 2024, Cloudflare blocked 31.93 billion cyber threats against organizations protected under Project Galileo. This is an average of nearly 95.89 million cyber attacks per day over the 11-month period.
  • When looking at the different organizational categories, journalism and media organizations were the most attacked, accounting for 34% of all attacks targeting the Internet properties protected under the Project in the last year, followed by human rights organizations at 17%.
  • On October 11, 2023, Cloudflare detected one of the largest attacks we’ve seen against an organization under Project Galileo, targeting a prominent independent journalism website covering stories in Russia and across Eastern Europe. We identified a DDoS attack that peaked at 7 million requests per second, with an attack duration of 7 minutes. In total, 1.9 billion DDoS requests targeting the attacked organization were mitigated that day.
  • We saw two attacks against an organization that manages vital Internet infrastructure in the Middle East. We mitigated 177 million DDoS requests targeting the organization over a three-hour period in October 2023. The second attack in December 2023 reached 42.6 million requests that were mitigated over a two-hour period.
  • We observed an attack targeting LGBT Foundation, a UK-based LGBTQ+ organization, during the beginning of Pride Month in June 2023. Cloudflare mitigated 144.7 million requests to this organization on June 2, 2023. In addition to this spike in June, we also saw another attack on August 26, 2023, which coincided with Manchester Pride. This second attack peaked at 1.46 million requests per second before finally subsiding on August 29.

This year, we broke down the dashboard into several sections:

  • Global civil society and human rights organizations
  • Global journalism and media organizations
  • Organizations based in Ukraine
  • Organizations in Israel and Palestine
  • Voting rights organizations based in the United States

Check out the full report here.

Highlights of the Report

Protecting free speech and a free press

The number of journalists imprisoned worldwide has grown in recent years. Reporters are increasingly at risk of being censored or shut down by governments or falling victim to cyberattacks. Project Galileo started as an initiative to protect free expression online. It’s grown to not only protect journalists, but also organizations working in the public interest such as voting rights groups, environmental activists, human rights defenders and more. We’ve seen journalists targeted on the Internet for various reasons, often stemming from the sensitive and impactful nature of their work. To that end, we’ve partnered with prominent organizations such as Internews, Center for International Media Assistance, International Press Institute, International Media Support, and many more to identify where our services are needed.

“Truth is the first casualty of war”

As the conflict in Ukraine continues, Cloudflare has been providing protection to journalists reporting on the conflict, human rights organizations helping refugees on the ground, and groups that have built mobile apps giving people early warnings of missile strikes.

Among them is Russian-born Galina Timchenko, co-founder, CEO, and owner of independent news outlet Meduza. A recent investigation by Access Now and the Citizen Lab reveals Timchenko had her iPhone infected with NSO Group’s Pegasus spyware during a trip to Berlin, Germany around February 10, 2023. This is the first documented case of Pegasus infection against a Russian journalist, which shows the growing suspicions among European Union governments regarding Russian civil society in exile. Labeled as an “undesirable organization” and blocked by the Russian government, Meduza operates out of Latvia to maintain editorial independence as it continues to publish news focused on covering stories in Russia and the former Soviet Union, including the conflict in Ukraine.

Meduza is an example of an important organization that lacks the resources to protect itself against intensive online attacks. On a single day in October 2023, Meduza came under DDoS attack peaking at 7 million requests per second and lasting 7 minutes—an onslaught which would have disabled the site under normal circumstances.

Protecting organizations in a time of conflict

We’ve reported on patterns of wartime violence coinciding with cyberattacks. Unfortunately, these trends have continued during the war between Israel and Hamas, and the humanitarian crisis in Gaza. Under Project Galileo, we protect a range of organizations based in the region that work to provide emergency response service, vital equipment for hospitals, crowdfunding platforms supporting the Muslim community worldwide, and more. We saw an increase in traffic after October 7, 2023, to both Israeli and Palestinian organizations, coinciding with the start of the Israel-Hamas war.

As we explored the data further, we saw an attack against a prominent organization based in the United Kingdom that works to secure Palestinian human rights, observing two dates on which there was an increase in mitigated traffic. The first, on October 15, 2023, coincided with the national demonstration in London in support of Palestine. We see in the first spike the requests go from 0 to 44,500 mitigated requests per second within two minutes. When we took a closer look, we identified that many of the requests were mitigated by Cloudflare’s Security Level, a product that uses the threat score (IP reputation) to decide whether to present a challenge to the visitor. The second spike, on February 21, 2024, coincided with UK lawmakers calling for cease-fire in the Israel-Hamas war. This peaked at 10,500 mitigations per second that lasted 40 minutes with an average of 6,638 requests per second.

As we reviewed the data, we saw two attacks against an organization that manages vital Internet infrastructure in the Middle East. Attacking infrastructure entities like domain name registries and registrars is not new, as we saw in Ukraine during the beginning of the war in March 2022, and follows an unsettling trend of targeting broad swaths of a country’s Internet infrastructure.

We saw two notable spikes in traffic, the first in October and second in December 2023. The first attack took place in three waves on October 18 and 19th, peaking around 78,500 requests per second. In total, the attack went from 2.48 million requests to 177.42 million requests mitigated per day.

On December 20-21, 2023, there was an attack that lasted more than 2 hours, averaging 8,600 requests per second throughout that period, reaching as high as 13,830 requests per second. In total, this attack saw 42.6 million daily requests mitigated.

And more…

Here we’ve provided just a snapshot of what organizations see on a daily basis when it comes to keeping their websites online. For more information on attacks against organizations protected under Project Galileo, check out the full Radar report.

If you are an organization looking for protection under Project Galileo, please visit our website:

Continuing our work with CISA and the Joint Cyber Defense Collaborative to keep vulnerable communities secure online

Post Syndicated from Jocelyn Woolbright original

Internet security and reliability has become deeply personal. This holds true for many of us, but especially those who work with vulnerable communities, political dissidents, journalists in authoritarian nations, or human rights advocates. The threats they face, both in the physical world and online, are steadily increasing.

At Cloudflare, our mission is to help build a better Internet. With many of our Impact projects, which protect a range of vulnerable voices from civil society, journalists, state and local governments that run elections, political campaigns, political parties, community networks, and more, we’ve learned how to keep these important groups secure online. But, we can’t do it alone. Collaboration and sharing of best practices with multiple stakeholders to get the right tools into the groups that need them is essential in democratizing access to powerful security tools.

Civil society has historically been the voice for sharing information about attacks that target vulnerable communities, both online and offline. In the last few years, we see governments increasingly appreciating how cyberattacks affect vulnerable voices and make an effort to identify the risks to these communities, and the resources available to protect them.

In March 2023, the US government launched the Summit for Democracy co-hosted by Costa Rica, Zambia, the Netherlands, and South Korea. We’ve written about our work at the summit and commitments on a wide range of actions to help advance human rights online. We were also proud to be included in US Agency for International Development’s (USAID) announcement, as part of the second summit in South Korea in March 2024, as a potential technology partner for the Advancing Digital Democracy Academy initiative, which will offer skills training in cybersecurity, cloud computing, responsible AI to support governments, civil society organizations, and other vulnerable groups.

With multistakeholder collaboration a growing effort, we want to give you insight into our ongoing efforts with the US Cybersecurity and Infrastructure Security Agency through the Joint Cyber Defense Collaborative (JCDC) to work together to raise awareness about threats to civil society, best practices that groups can use to protect themselves online today, and new resources developed for these vulnerable communities.

What types of threats do civil society organizations face?

Civil society organizations, which include non-governmental organizations, community-based organizations, and advocacy groups, face a wide range of threats and challenges that can vary depending on their location, focus areas, and activities. These threats can come from various sources, offline and online, from governments, non-state actors, and external influences.  

Since our founding, we’ve provided a set of free services based on the idea that democratizing access to cybersecurity products makes the Internet safer and faster for a broader audience. Since 2014, we’ve continued to strengthen this idea with Project Galileo, providing a higher level of protection to vulnerable voices. Fast forward to 2024, and we now protect more than 2,600 organizations in 111 countries under Project Galileo, allowing us to gain a better understanding of threats these organizations face on a daily basis. In June 2023, we published a report showing that between July 1, 2022, and May 5, 2023, Cloudflare mitigated 20 billion attacks against organizations protected under the project, an average of nearly 67.7 million cyber attacks per day over the 10 month period.

We continue to learn more about cyberattacks against these groups and how to better equip them with the tools they need to stay online. Our Q2 2023 DDoS report, for example, noted that 17.6% of all traffic to nonprofits was DDoS traffic, and that nonprofits were the second most targeted sector for DDoS. In addition, we see prominent civil society organizations, like our partner the International Press Institute, fall victim to a cyber attack after releasing a report identifying multiple DDoS attacks against many independent media outlets in Hungary over a five month period.

What do these attacks look like for a civil society organization?

It is easy to provide overall statistics on the number of cyber attacks we see against organizations under Project Galileo. But that doesn’t provide the whole story on what attacks look like in practice or how organizations can defend against them in real time.

When we were developing our Radar dashboard for the 9th anniversary of Project Galileo, we came across a noteworthy incident that involved an organization reporting on international legal issues, which highlights the importance of having security measures in place, even for organizations that do not believe they are a target. This event occurred between March 17 and March 18, 2023. On March 17, an international arrest warrant was issued for Russian President Vladimir Putin and Russian official Maria Lvova-Belova in connection with an alleged plot to relocate Ukrainian children to Russia.

Before and after this incident, the organization’s website experienced low levels of traffic. However, on March 17, we observed a sudden surge in request traffic, escalating from under 1,000 requests per second to approximately 100,000 requests per second within a four-hour window, reaching its peak at 19:00 UTC. Fortunately, the majority of this traffic was effectively managed by our Web Application Firewall. Another notable spike occurred on March 18, with the peak occurring at 09:45 UTC, surpassing 667,000 requests per second. Almost all of these requests were identified as Distributed Denial of Service (DDoS) attacks, as illustrated in the chart above. Throughout March 18, Cloudflare successfully thwarted a total of 844.4 million requests categorized as application layer DDoS attacks.

This incident highlights a recurring theme that we encounter within Project Galileo. Many organizations may remain unaware of their vulnerability to cyberattacks until their website is targeted by a disruptive DDoS attack. In this instance, the organization maintained its online presence throughout the entire attack, likely only discovering the abnormal surge in traffic after the attack had subsided.

This is just one example of an attack targeting an organization under Project Galileo, but they happen every day. But don’t just take it from us, check out more stories from organizations on how they stay secure online.

Collaborating with CISA through the Joint Cyber Defense Collaborative to identify how to get our services to more vulnerable communities

One of the ways we expand our protections with Project Galileo is through partnerships and collaborations. We currently work with more than 50 civil society organizations who approve organizations for protection under Project Galileo. The role of our civil society partners is essential as they have the knowledge and expertise around organizations that need these types of services.

When JCDC reached out to us about an initiative focused on protecting vulnerable communities online, we were excited to help make resources more accessible from a trusted voice. As governments increasingly identify the need for cybersecurity services for vulnerable communities, they have the ability to make these resources accessible and bring together multiple stakeholders to help promote best security practices. With JCDC, we are collaborating on three working groups to cover a range of topics that include crowdsourcing resources available for at-risk communities, developing new resources for these groups, cyber volunteer programs from companies and civil society, information sharing and development of threat reports and more.

With a range of stakeholders including civil society, tech companies, and CISA, we’ve been able to identify opportunities to build capacity and transparency strategies when it comes to extending products to these communities. We hope that other governments can see these efforts on providing protections to vulnerable communities as a model for effective collaboration.

What are steps you can take right now to ensure your organization’s website and internal teams are protected?

As part of our working groups with JCDC, we focused on enhancing the baseline of cyber hygiene for civil society organizations and improving resilience and response capabilities in the face of a cyberattack. We put together a list of tools and resources that are available for much of these groups that include:

  • Cloudlare’s Social Impact portal to help organizations navigate how to keep their website secure on Cloudflare.
  • Zero Trust Security for vulnerable communities: In this roadmap, created by Cloudflare, intended for civil society and at-risk organizations, we hope to demystify the work of Zero Trust security and offer easy to follow steps to boost your cyber security efforts in your organization. This roadmap includes a range of Cloudflare’s security products with case studies for civil society, level of effort to implement, and the teams involved to make the complex world of cyber security more accessible and understandable to a wider audience.
  • Cloudflare Radar and the Outage Center to track Internet shutdowns: In addition to the route leaks and route hijacks insights, we have Radar notification functionality, enabling organizations to subscribe to notifications about traffic anomalies, confirmed Internet outages, route leaks, or route hijacks.
  • JCDC’s CISA Awareness site: CISA—through JCDC—has compiled a list of cybersecurity resources intended to help high-risk communities who are at heightened risk of being targeted by cyber threat actors because of their identity or work.

To the future

There is still a lot of work to be done when it comes to protecting vulnerable voices. We hope that by collaborating with a range of stakeholders from governments, civil society, and tech companies we can better share tools and expertise to help these communities navigate the complex digital environments we find ourselves in. We remain committed to this crucial mission in the years to come and look forward to creating more partnerships to expand our products into new areas.
If you are an organization looking for protection under Project Galileo, please visit our website:

Cloudflare protects global democracy against threats from emerging technology during the 2024 voting season

Post Syndicated from Jocelyn Woolbright original

In 2024, more than 80 national elections are slated to occur, directly impacting approximately 4.2 billion individuals in places such as Indonesia, the United States, India, the European Union, and more. This marks the most extensive election cycle worldwide until the year 2048. Elections are a cornerstone of democracy, providing citizens with the means to shape their government, hold leaders accountable, and participate in the political process.

At Cloudflare, we’ve been supporting state and local governments that run elections for free for the last seven years. As we look at the upcoming elections around the world, we are reminded how important our services are in keeping information related to elections reliable and secure from those looking to disrupt these processes. Unfortunately, the problems that election officials face in keeping elections secure has only gotten more complicated and requires facilitating information sharing, capacity building, and joint efforts to safeguard democratic processes.

At Cloudflare, we support a range of players in the election space by providing security, performance, and reliability tools to help facilitate the democratic process. With Cloudflare Impact projects, we have found a way to protect a range of stakeholders who play an important role in the election process and better prepare them for the unexpected. As we have grown our various Impact projects to protect more than 2,900 domains, we have learned how best to protect vulnerable groups online.

During Security Week, we want to provide a look at how we are preparing groups that work in elections around the world for 2024, as well as exploring emerging threat trends.

A look at the year ahead

State and local governments play a critical role in various aspects of the election process. From voter registration to candidate filing, polling place setup, distribution of ballots, tabulations of voters, and reporting of election results, they ensure that elections are conducted fairly, securely, and efficiently.

If we have learned anything from the last seven years, it is that election officials have even more on their plate when it comes to conducting free and fair elections. Countries conducting elections this year are likely to face a complicated array of threats, from voter manipulation to physical violence. Unfortunately, in many countries, people have been blamed for election results that displeased certain politicians and constituents, and numerous election officials have encountered death threats, online harassment, and mistreatment. In April 2023, the Brennan Center found that 45% of local election officials said they fear for the safety of their colleagues.

When it comes to safeguarding online infrastructure, securing voter registration systems, ensuring the integrity of election-related information, and planning effective incident response are necessary as online threats grow more and more sophisticated. For example, in the three months leading up to the 2022 US midterm elections, Cloudflare prevented around 150,000 phishing emails targeting campaign officials.

How we use our services to promote free and fair elections

The core principle driving our work in the election space is the idea that access to accurate voting information, as provided by state and local governments, is fundamental to the proper functioning of democracy. We see ourselves as one piece of a larger puzzle when it comes to safeguarding elections.

Protecting election entities is an enormous task, and there is strength in partnerships that provide with a broad range of roles and expertise. We have seen groups such as the Cybersecurity and Infrastructure Security Agency increase their role in boosting election security efforts throughout the last few years. There have been partnerships between governments, organizations, and private companies assisting election officials with the tools and expertise on the best ways to secure the democratic process.

In 2020, we partnered with the International Foundation for Electoral Systems to find a way to expand our protections to election management bodies outside the United States. In our partnership, we have been able to provide our Enterprise-level services to six election management bodies, including the Central Election Commission of Kosovo, State Election Commission of North Macedonia, and many local election bodies in Canada.

“Cloudflare is a technology enabler for the State Election Committee (SEC) in North Macedonia, and its tools help us ensure that early election results will be accessible to the general population, thus promoting visibility and transparency.”
– Vladislav Bidikov, Cybersecurity Task Force Member, State Election Commission of North Macedonia        

Internet trends during elections

Looking at Internet trends during elections, we have seen in several countries that Internet traffic typically drops during the day, when people are going to the polling booths. That was the case in France and Brazil in 2022, for example. After the polling booths close, traffic usually increases, when citizens are looking for results — a spotlight also shared with the traditional TV channels.

Indonesia, a country with more than 200 million voters (and a population of 275 million) and over 17,000 islands, held general elections on Wednesday, February 14. On that day, daily traffic dropped 5% compared with the previous week. Hourly traffic during the day dropped as much as 15% between 08:00 and 13:00 local time (Western Indonesia time, where most of the population lives), when polling stations were open. Traffic was lower than in the previous week during that day, and only picked up on the following day.

On the other hand, mobile device usage was at its highest point of 2024 to date on February 14, representing 77% of all requests from the country.

Pakistan election day Internet outage

In Pakistan, general elections were held on February 8. During this time, our data shows an outage that started around 02:00 UTC, recovering after 15:00. The Internet shutdown targeted mobile networks and was criticized by Amnesty International.

The Telenor (AS24499), Jazz (AS45669), and Zong (AS59257) mobile networks were impacted. For example, here is a view of the Telenor network:

In addition, social media platform X experienced a national-scale disruption following protests ignited by allegations of vote rigging in the general elections. When it comes to Internet shutdowns, we see complete Internet blackouts represent the most severe type of Internet shutdowns, but limitations on the usage of social media and messaging applications, especially during elections, also pose large obstacles. Many of these platforms have become indispensable for journalists and the media, serving as an important channel to connect with audiences, share and publicize their content, and securely communicate with their sources.

How do you prepare for the unexpected?

We have detailed our work during many elections in the United States, including how we protected the 2020 elections during times of uncertainty. As we prepare for the 2024 election, we will continue collaborating with experts on how to best provide our services. Last year, we conducted an analysis on threats to election groups. Highlights include:

Early in 2024, we conducted webinars for state and local governments under the Athenian Project to identify configuration recommendations and provide lessons learned during the 2020 and 2022 midterms in the United States. We discussed topics such as preventing website defacement, and security checklist items such as checking domain and SSL certificate expiration dates. We are happy to report that many of these efforts in assisting state and local governments on configurations to make sure they are getting the most of our free Cloudflare products have been successful, with more than 92% of domains under the project using our proxy services to protect their website. But we still have a long way to go. We found that 2FA is still a problem, and we strongly encourage participants to enable it to protect accounts and sensitive information.

Ahead of the elections, we have also heard from larger election entities, such as secretaries of state, nonprofit organizations supporting election officials, and government agencies, who have reached out for our expertise on how to better support smaller election groups.

What keeps state and local election officials up at night?

To help prepare for the 2024 general elections in the United States, we wanted to learn more from state and local governments protected under the Athenian Project about what worries them in terms of online security threats. We sent out a brief survey to participants and found:

  • A majority of participants believe that the use of generative AI tools will have a significant impact on the 2024 election.
  • 80% of participants surveyed indicated that their team has experienced an email phishing attack in the last year.
  • Trust and reputation is the highest concern when it comes to a cyber attack with election operations as a close second.

We asked participants what they wished more people understood about their efforts in election security and reliability, and one county’s response stood out. To paraphrase, they said that election officials are also citizens and residents in their communities, and they strive to have safe, fair elections. We look forward to learning more about threats to these groups and how our products can help keep their internal data safe from attacks.

Super Tuesday

Because Super Tuesday in the United States involves several states, including California, Alabama, Iowa, North Carolina, and more, that hold their primaries or caucuses on the same day, it is often seen as a critical turning point in the presidential primary process.

On March 6, 2024, CISA reported there had been no credible digital threats to Super Tuesday, to the relief of many security experts. These comments came after Meta reported an outage that which caused Facebook, Messenger, and Instagram to be inaccessible to many users in the United States.

During Super Tuesday, we had the opportunity to witness firsthand the benefits of having access to free cybersecurity services to a range of elections groups. We are happy to report that during this time, we did not see any major cyberattacks against these groups. As part of this, we want to share updated insights into trends we have identified against election groups we protect to identify the types of attacks that they face with the hope of better securing them online.

Athenian Project

Under the Athenian Project, we protect more than 400 state and local government websites in 32 states that run elections. We identified 100 websites in the 16 states conducting elections on Super Tuesday and observed a considerable increase in traffic after Monday, March 4th.

When it comes to automated traffic to these websites, the figure below shows that we saw traffic classified as bot traffic maintain a relatively steady pattern between February 26 and March 5th. Bot traffic describes any non-human traffic to a website or an app, and it is important to note that not all bot traffic is malicious. Legitimate bot traffic includes activities like search engine indexing, while malicious bot traffic is designed to engage in fraudulent activities such as spamming, scraping content for unauthorized use, or launching distributed denial-of-service (DDoS) attacks.

As March 5th began, an increase in “human” traffic was clearly visible, with a significant increase starting at 05:00 EST and decreasing around 23:00. This is typical of what we see in the election space, as many people are visiting these websites to identify their polling place locations, or view up-to-date election results.

On Super Tuesday, Cloudflare mitigated over 18.9 million requests on March 5th, 2024, against state and local governments under the Athenian project.

Cloudflare for Campaigns

In 2020, we partnered with Defending Digital Campaigns, a nonprofit organization dedicated to providing cyber security resources and assistance to political campaigns and committees in the United States. Through our partnership, we have been able to provide more than $3 million in Cloudflare products. For this analysis, we identified 49 websites protected by Cloudflare for Campaigns that are located in the states that conducted an election during Super Tuesday. In total, we protect 97 campaign websites and 27 political party websites.

Overall traffic to these websites remained fairly consistent through the latter half of February and into March, but started to grow the weekend ahead of Super Tuesday, as seen in the figure below. Peaks were seen at 23:00 EST on March 4 and 20:00 EST on March 5.

We’ve noticed that these websites under Cloudflare for Campaign zones experience low, constant bot traffic, although it increased slightly during the first days of March. But the figure below shows that the overall increase in traffic discussed above was driven by a significant increase in request traffic identified as coming from actual users (that is, “human”).

A majority of the traffic was to political parties protected under the project in these Super Tuesday states, with 53% of the traffic identified going to these party websites.

Project Galileo

Cloudflare protects more than 65 Internet properties in the United States that work on a range of topics related to voting rights and promoting free and fair elections. Super Tuesday resulted in a considerable spike in traffic to these websites around 09:00 EST of 3.22M requests, which far surpassed the previous maximum value of 1.56M on February 20th at 11:00 EST, a 2x increase.

This spike was determined to be from user-driven traffic (not bot) and caused by a single zone related to a nonpartisan nonprofit organization that provides online voter guides for every state, including voter registration forms. The organization has been protected under Project Galileo since 2017. Their request traffic experienced a 1360% increase in traffic between 07:00 and 09:00 am EST. This is a clear example on the importance of access to cybersecurity tools in advance of a major event, as spikes in traffic can be unpredictable.

2024 and beyond

As we approach the 2024 election cycle, Cloudflare is ready to provide support to election officials, voting rights groups, political campaigns, and parties involved in elections.

With a year full of elections and given the global attention on election security, engagement of seasoned professionals with expertise is essential to safeguard the democratic process. Through continued collaboration with stakeholders in the election space, we continuously develop strategies for effectively securing web infrastructure and internal teams. Our commitment persists in safeguarding resources throughout the voting process and fostering trust in democratic institutions around the world.

We want to ensure that all groups working to promote democracy around the world have the tools they need to stay secure online. If you work in the election space and need our help, please apply at

Tune in for more news, announcements and thought-provoking discussions! Don’t miss the full Security Week hub page.

2024, the year of elections

Post Syndicated from Jocelyn Woolbright original

2024, the year of elections

2024 is a year of elections, with more than 70 elections scheduled in 40 countries around the world. One of the key pillars of democracy is trust. To that end, ensuring that the Internet is trusted, secure, reliable, and accessible for the public and those working in the election space is critical to any free and fair election.

Cloudflare has considerable experience in gearing up for elections and identifying how our cyber security tools can be used to help vulnerable groups in the election space. In December 2022, we expanded our product set to include Zero Trust products to assist these groups against new and emerging threats. Over the last few years, we’ve reported on our work in protecting a range of election entities and as we prepare for the 2024 elections, we want to provide insight into attack trends we’ve seen against these groups to understand what to expect in the next year.

For this blog post, we identified cyber attack trends for a variety of groups in the elections space based in the United States, as many of our Cloudflare Impact projects provide services to these groups. These include U.S. state and local government websites protected under the Athenian Project, as well as U.S. nonprofit organizations that work in voting rights and promoting democracy under Project Galileo, and political campaigns and parties under Cloudflare for Campaigns.

Our main findings:

  • From November 1, 2022, to August 31, 2023, Cloudflare mitigated 234,740,000 threats to U.S elections groups surveyed.
  • Internet traffic to these websites has steadily increased, up nearly 25% between January 2023 and August 2023.
  • We observed an increase in traffic to political campaign websites during elections, then steadily decreasing traffic until elections in the following year, as shown with the traffic spikes we see during the analyzed time period.
  • HTTP Anomaly remained the top layer 7 attack vector mitigated by the Web Application Firewall, followed by SQL Injection.

Supporting state and local governments that run elections with the Athenian Project

Under the Athenian Project, Cloudflare provides our highest level of protection to state and local governments in the United States that run elections. As of November 2023, 390 state and local governments in 31 states are protected under the project. Across this cohort, Cloudflare mitigated 213.78 million threats to government election sites between November 1, 2022, and August 31, 2023, an average of 703,223 threats per day.

On Election Day, November 7, 2022, we saw traffic to state and local government sites increase by more than 500%. Analysis shows that 80% of this traffic was classified as coming from human users, which is expected, as we tend to see an increase in traffic during election time as constituents view their local county board of election sites to identify polling locations and election results.

We’ve also seen an increase in state and local governments onboarding .gov domains to Cloudflare. In September 2022, The U.S Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced the agency would launch a new .gov registrar with the intent of making it easier for government organizations to set up a .gov website, while also making the domain more secure. We observed that 65% of traffic to Athenian domains is to .gov domains.

When we look at traffic that was mitigated by Cloudflare’s Web Application Firewall (WAF), specifically Cloudflare managed rulesets, we see an oscillating traffic pattern identified as HTTP anomalies until a sudden (and seemingly permanent) drop after mid-April 2023. Managed rulesets are pre-configured firewall rules that provide immediate protection against common vulnerabilities. These managed rulesets are created by the Cloudflare security team, provide fast and effective protection for customer applications, and are updated frequently to cover new vulnerabilities and reduce false positives.

The managed rules are a great feature, especially for organizations with limited security resources, as they are easy to enable and protect against common vulnerabilities that Cloudflare has identified that have hit thousands of websites. Within the WAF Managed Rules, the top category that we see for mitigations is HTTP Anomaly. HTTP anomalies include such things as malformed method names, null byte characters in headers, non-standard ports, or content length of zero with a POST request.

We found 76% of traffic that was mitigated by the WAF was HTTP anomalies, followed by SQL Injection (SQLi) at only 8%. There is another pattern seen in XSS (Cross-Site-Scripting) attempts that are observed every 23rd day of the month. Given this very “strict” pattern, this could be due to an automated attack of some sort.

Supporting political campaigns and state parties with Cloudflare for Campaigns

Cloudflare launched Cloudflare for Campaigns in January 2020, in partnership with the nonprofit, nonpartisan organization Defending Digital Campaigns. Under the partnership, we protect 70 political campaigns and 20 political parties in the United States. Between November 1, 2022, and August 31, 2023,Cloudflare mitigated 1.83 million threats to political campaign sites, which is an average of 6,019 threats per day.

When we look at traffic trends for these domains, we see a spike in November 2022 during the midterm elections in the United States, but significantly lower traffic after this time. Overall, interest in these campaign websites appears to be limited only to election times and some months prior.

When we identify traffic that was blocked by Cloudflare, a majority (79%) was blocked by WAF rules. However, this wasn’t all from malicious sources, as some of the rules have been configured by the campaigns themselves to block other types of unwanted traffic. For example, some campaigns block traffic from outside of the United States from accessing the website, which would be classified as a blocked request. As we’ve worked with many campaigns in the past on how to get the most out of Cloudflare security tools, we think it is a sign of progress that campaigns are setting specific rules that help them mitigate or challenge traffic that they may not want to access the site.

In addition to the customer-configured rules, these campaign sites are also protected by WAF managed rules (run by Cloudflare), with 47% of mitigated traffic identified as HTTP Anomaly and 30% SQLi.

Supporting organizations that promote free and fair elections with Project Galileo

As part of our analysis we also identified 69 organizations in the United States that are protected under Project Galileo that work on a range of topics related to voting rights and promoting free and fair elections. For those organizations, Cloudflare mitigated 19.13 million threats between November 1, 2022, and August 31, 2023, an average of 62,927 threats per day.

We saw a spike in traffic during election time in November 2022 and another slight increase in April 2023. During this time, the largest number of blocked requests was mitigated by Cloudflare’s Security Level. Cloudflare’s Security Level is a security tool that ranks requests based on IP reputation to decide whether to present a Managed Challenge page. A managed challenge helps determine whether the request is considered malicious or legitimate. If the visitor passes the challenge, their request is allowed. If they fail, the request will be blocked. Many of these challenges are issued as a result of domains enabling Under Attack Mode, which enforces an elevated Security Level to help mitigate layer 7 DDoS attacks.

For traffic that was mitigated by the WAF, we found the top mitigation categories to be HTTP Anomalies at 48% and SQLi at 25%. Overall, we saw more requests mitigated by Cloudflare’s WAF than traffic that was considered DDoS.

Taking our elections expertise global

In 2021, we announced our partnership with the International Foundation for Electoral Systems (IFES) to provide our highest level of protection for free to election management bodies (EMBs) around the world. An EMB is an institution responsible for organizing and overseeing elections in a particular jurisdiction with a primary role of ensuring that the electoral process is conducted fairly and transparently. Since beginning our partnership, we’ve provided protection or expertise to 7 election management bodies to support their work in promoting free and fair elections. As part of this, we’ve worked with election commissions in Kosovo and North Macedonia to protect their election infrastructure.

“Security is the cornerstone of any democratic process, and free and fair elections are no exception. Security products like those from Cloudflare become even more critical in an increasingly digital world. With Cloudflare, we have effectively mitigated numerous cyber threats, ensuring citizens uninterrupted access to electoral information in Kosovo. This has significantly fostered trust and transparency in our electoral processes.”
Kreshnik Spahiu
Director of the Information Technology Department, Central Election Commission of Kosovo

As we approach 2024 with many elections in newly emerging democracies, we are excited to continue our work with IFES to provide our services and share our expertise to help election groups stay secure online.

Looking toward 2024…

If 2024 is anything like 2023, we should continue to expect irregularities regarding Internet access during elections. We’ve seen this in areas such as Cambodia, where ahead of the 2023 elections, Cambodian officials ordered internet service providers to block website access to three news outlets reporting on the election as a way to control the independent media. In Zimbabwe, a new law known as the Patriotic Bill was passed before the general election, encompassing a wide range of provisions that make it illegal to engage in speech deemed to pose a threat to the nation’s sovereignty or vital national interests.

The last few years contain many examples of how governments have undermined and controlled the flow of information through Internet shutdowns, restricted social media sites during elections, and imposed blocking of websites that report on results. If current trends continue, 2024 will be a pivotal year for online freedoms.

In light of this, we want to ensure that all groups working to promote democracy around the world have the tools they need to stay secure online. If you work in the election space and need our help, please apply at

Nine years of Project Galileo and how the last year has changed it

Post Syndicated from Jocelyn Woolbright original

Nine years of Project Galileo and how the last year has changed it

Nine years of Project Galileo and how the last year has changed it

If you follow Cloudflare, you know that Birthday Week is a big deal. We’ve taken a similar approach to Project Galileo since its founding in 2014. For the anniversary, we typically give an overview of what we have learned to protect the most vulnerable in the last year and announce new product features, partnerships, and how we’ve been able to expand the project.

When our Cloudflare Impact team was preparing for the anniversary, we noticed a theme. Many of the projects we worked on throughout the year involved Project Galileo. From access to new products, development of privacy-enhancing technologies, collaborations with civil society and governments, we saw that the project played a role in either facilitating conversation with the right people or bridging gaps.

After reflecting on the last year, we’ve seen a project that was initially intended to keep journalism and media sites online grew into more. So, for this year, in addition to new announcements, we want to take the time to reflect on how we have seen Project Galileo transform and how we look toward the future in protecting the most vulnerable on the Internet.

Project Galileo +

The original goal of Project Galileo was simple. Although Cloudflare had free services available to anyone online, including cyber security services like unmetered DDoS protection, based on meetings with the Committee to Protect Journalists and others, we thought there was more we could do to help important but vulnerable voices online.

To that end, we launched Project Galileo to provide free access to additional Cloudflare services for qualifying organizations. Predictably, our first challenge was deciding exactly how to determine which organizations should qualify for the program. We knew generally that we wanted to help journalists, human rights defenders, civil rights activists, and other humanitarian organizations. We also thought it would be a better, more transparent program if Cloudflare were not making those decisions on our own.

So, we recruited as many well-respected organizations working in those fields as we could. When we launched, we were incredibly excited that we had 14 organizations willing to volunteer their time to help us. Nine anniversaries later, not only are we still working with all of our original partners, often on a daily basis to review and approve new Project Galileo participants, but our partner list has actually grown to 50 organizations, including the Council of Europe and the Business & Human Rights Resource Centre.

With their help, Project Galileo now protects more than 2,271 organizations in 111 countries. In addition to helping us grow the number of organizations participating in the program, our growing list of partners has also helped drive a number of expansions and other projects, which continue to make the Internet a safer place.

  • Helping with new issues: In September 2022, Cloudflare extended Project Galileo services to abortion rights groups through our partnership with Digital Defense Fund, an organization that works to provide digital security tools for the abortion access movement. Extending privacy and security services to those that support access to safe and legal abortion and advocated for the right to protect and expand reproductive freedom was the right thing to do and we were proud to do it.
  • Adding new services — internal networks: As Cloudflare has developed new product features, we've worked with our partners to determine which would be the most helpful to provide to vulnerable communities. In 2022, Cloudflare added Zero Trust security products for organizations under Project Galileo (and the Athenian Project). As a result, Project Galileo not only protects our participants' web properties, but is also helping secure internal networks for organizations like CyberPeace Institute, Meedan, Organization of American States (OAS), and The Information Technology Disaster Resource Center (ITDRC). We also created the Cloudflare Social Impact Portal, which provides step-by-step onboarding instructions, videos, and tutorials to help onboard Cloudflare Zero Trust products, specifically tailored for nonprofit organizations.
  • Tracking Internet shutdowns: In 2021, working with Access Now, Internews, the Carter Center, National Democratic Institute, Internet Society, and the International Foundation for Electoral Systems, the Cloudflare Radar team launched an alert tool to help identify outages for human rights organizations that track Internet shutdowns. In 2022, we launched alerts with Radar 2.0 and API access to make it easier for those organizations as well as other civil society groups and journalists to automatically integrate Cloudflare network data into their monitoring tools.
  • Working with governments to protect human rights defenders: As a result of our work with Project Galileo, Cloudflare has been able to work with our partners to share our experience and best practices with the US State Department, US Agency for International Development (USAID), and other government agencies that are helping advance global privacy and security protocols to support democratic governance, privacy, and protections for human rights defenders online. As part of that work, Cloudflare made a number of additional commitments as part of the 2023 Summit for Democracy, including making post-quantum encryption available for all Cloudflare customers and Project Galileo participants at no charge.

At Cloudflare, we often talk about how we are just getting started, which is true for Project Galileo as well. But, before we talk about what's new this year, it's worth taking a moment to appreciate not only how the program has grown, but also how the community that has developed around it has helped launch other new ideas and initiatives to help advance human rights online.

What’s next? (Ninth anniversary!)

For the ninth anniversary, we want to focus on access to affordable cyber security tools and what we have learned protecting the most vulnerable communities. That is in the form of new technical resources, a Radar report on cyber threats to Galileo organizations, partnerships to expand product offerings, and more.

This year, we are happy to announce an extension of our partnership with the CyberPeace Institute to provide Area 1 tools to Development and Humanitarian Organizations (DHOs) as part of Project Galileo. Over the course of the partnership, CyberPeace Institute will onboard their network of NGOs that are part of the CyberPeace Builders program  and act as a centralized point of contact to feed real-time security alerts  with a focus on phishing campaigns to civil society organizations.

"United against cyber threats, the CyberPeace Institute and CloudFlare stand tall, safeguarding civil society organizations from the treacherous tide of phishing campaigns. Together, we defend the defenders and empower the champions of peace in the digital realm."
Stéphane Duguin, CEO, CyberPeace Institute

Nine years of Project Galileo and how the last year has changed it

At Cloudflare, we think it is important to have affordable cyber security tools, as the threats are increasing in frequency and sophistication, and organizations and individuals alike need effective tools to protect themselves from these threats. As part of our Zero Trust offering under Project Galileo, we have created a new Zero Trust Roadmap for high-risk organizations to make the complex world of cyber security more accessible and understandable to a wider audience.

For the Project Galileo 9th anniversary, we wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organizations that are targeted with best practices for safeguarding their websites and internal data. With that, we developed a Radar report aimed at highlighting organizations that were the center of public debate in the last year. Specifically, organizations that support LGBTQ+ rights, civil society, pro-choice advocacy and health, and in Ukraine.

Our main findings:

  • Between July 1, 2022, and May 5, 2023, Cloudflare mitigated 20 billion attacks against organizations protected under Project Galileo. This is an average of nearly 67.7 million cyber attacks per day over the last 10 months.
  • For LGBTQ+ organizations, we saw an average of 790,000 attacks mitigated per day over the last 10 months, with a majority of those classified as DDoS attacks.
  • Attacks targeting civil society organizations are generally increasing. We have broken down an attack aimed at a prominent organization, with the request volume climbing as high as 667,000 requests per second. Before and after this time the organization saw little to no traffic.
  • In Ukraine, spikes in traffic to organizations that provide emergency response and disaster relief coincide with bombings of the country over the 10-month period.
Nine years of Project Galileo and how the last year has changed it

In addition, we launched new case studies and added content to our Cloudflare Social Impact Portal to help organizations stay secure with our security offerings. Cloudflare is sponsoring Access Now’s RightsCon and we are excited to be attending the conference in Costa Rica to bring together many of our Project Galileo civil society partners. RightsCon convenes a broad range of civil society groups and business and public sector stakeholders to talk and learn about digital rights issues.

The future of Project Galileo

The last year has shown us a lot on how we can use Project Galileo beyond just protecting vulnerable voices, but to work in new avenues to extend Cloudflare’s protection and provide our expertise to a range of groups working in digital security issues. As we look toward the next year, we will continue to look for new ways to expand our protections to at-risk groups around the world.

If you are an organisation looking for protection under Project Galileo, please visit our website:

Partnering with civil society to track Internet shutdowns with Radar Alerts and API

Post Syndicated from Jocelyn Woolbright original

Partnering with civil society to track Internet shutdowns with Radar Alerts and API

This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français and Español.

Partnering with civil society to track Internet shutdowns with Radar Alerts and API

Internet shutdowns have long been a tool in government toolboxes when it comes to silencing opposition and cutting off access from the outside world. The KeepItOn campaign by Access Now, a group that defends the digital rights of global Internet users, documented at least 182 Internet shutdowns in 34 countries in 2021. Many of these shutdowns occurred during public protests, elections, and wars as an extreme form of censorship in places like Afghanistan, Democratic Republic of the Congo, Ukraine, India, and Iran.

There are a range of ways governments block or slow communications, including throttling, IP blocking, DNS interference, mobile data shutoffs, and deep packet inspection, all with similar goals: exerting control over information.

Although Internet shutdowns are largely public, it is difficult to document and track the ways in which governments implement them. The shutdowns not only impact people’s ability to participate in civil and political life and the economy but also have grave consequences for trust in democratic institutions.

We have reported on these shutdowns in the past, and for Cloudflare Impact Week, we want to tell you more about how we work with civil society organizations to provide tools to track and document the scope of these disruptions. We want to support their critical work and provide the tools they need so they can demand accountability and condemn the use of shutdowns to silence dissent.

Radar Internet shutdown alerts for civil society

We launched Radar in 2020 to shine light on the Internet’s patterns, insights, threats, and trends based on aggregated data from our network. Once we launched Radar, we found that many civil society organizations and those who work in democracy-building use Radar to track trends in countries to better understand the rise and fall of Internet usage.

Internally, we had an alert system for potential Internet disruptions that we use as an early warning regarding shifts in network patterns and incidents. When we engaged with these organizations that use Radar to track Internet trends, we learned more about how our internal tool to identify traffic distributions could be useful for organizations that work with human rights defenders on the ground that are impacted by these shutdowns.

To determine the best way to provide a tool to alert organizations when Cloudflare has seen these disruptions, we spoke with organizations such as Access Now, Internews, The Carter Center, National Democratic Institute, Internet Society, and the International Foundation for Electoral Systems. After our conversations, we launched Radar Internet shutdown alerts in 2021 to provide alerts on when Cloudflare has detected significant drops in traffic with the hope that the information is used to document, track, and hold institutions accountable for these human rights violations.

Since 2021, we have been providing these alerts to civil society partners to track these shutdowns. As we have collected feedback to improve the alerts, we have seen many partners looking for more ways to integrate Radar and the alerts into their existing tracking mechanisms. With this, we announced Radar 2.0 with API access for free so academics, data sleuths, civil society, human rights organizations, and other web enthusiasts can analyze, visualize, and investigate Internet usage across the globe, based on data from our global network. In addition, we launched Cloudflare Radar Outage Center to archive Internet outages and make it easier for civil society organizations, journalists/news media, and impacted parties to track past shutdowns.

Highlighting the work of our civil society partners to track Internet shutdowns

We believe our job at Cloudflare is to build tools that improve privacy and security for a range of players on the Internet. With this, we want to highlight the work of our civil society partners. These organizations are pushing back against targeted shutdowns that inflict lasting damage to democracies around the world. Here are their stories.

Access Now

Partnering with civil society to track Internet shutdowns with Radar Alerts and API

Access Now’s #KeepItOn coalition was launched in 2016 to help unite and organize the efforts of activists and organizations across the world to end Internet shutdowns. It now represents more than 280 organizations from 105 countries across the globe. The goal of STOP Project (Shutdown Tracker Optimization Project) is ultimately to document and report shutdowns accurately, which requires diligent verification. Access Now regularly uses multiple sources to identify and understand the shutdown, the choice and combination of which depends on where and how the shutdown occurred.

The tracker uses both quantitative and qualitative data to record the number of Internet shutdowns in the world in a given year and to characterize the nature of the shutdowns, including their magnitude, scope, and causes.

Zach Rosson, #KeepItOn Data Analyst, Access Now, details, “Sometimes, we confirm an Internet shutdown through means such as technical measurement, while at other times we rely upon contextual information, such as news reports or personal accounts. We also work hard to document how a particular shutdown was ordered and how it impacted society, including why and how it happened.

On how Access Now’s #KeepItOn coalition uses Cloudflare Radar, Rosson says, We use Radar Internet shutdown alerts in both email and tweet form, as a trusted source to help verify a shutdown occurrence. These alerts and their underlying measurements are used as primary sources in our dataset when compiling shutdowns for our annual report, so they are used in an archival sense as well. Cloudflare Radar is sometimes the first place that we hear about a shutdown, which is quite useful in a rapid response context, since we can quickly mobilize to verify the shutdown and have strong evidence when advocating against it.

The recorded instances of shutdowns include events reported through local or international news sources that are included in the dataset, from local actors through Access Now’s Digital Security Helpline or the #KeepItOn Coalition email list, or directly from telecommunication and Internet companies.

Rosson notes, When it comes to Radar 2.0 and API, we plan to use these resources to speed up our response, verification, and publication of shutdown data as compiled from different sources. Thus, the Cloudflare Radar Outage Center (CROC) and related API endpoint will be very useful for us to access timely information on shutdowns, either through visual inspection of the CROC in the short term or through using the API to pull data into a centralized database in the long term.

Internet Society: ISOC

Partnering with civil society to track Internet shutdowns with Radar Alerts and API

On the Internet Society Pulse platform, Susannah Gray, Director, Communications, Internet Society, explains that they strive to curate meaningful information around a government-mandated Internet shutdown by using data from multiple trusted sources, and making it available to everyone, everywhere in an easy-to-understand manner. ISOC does this by monitoring Internet traffic using various tools, including Radar. When they see something that might indicate that an Internet shutdown is in progress, they check if the shutdown meets their  criteria. For a shutdown to appear on the Pulse Shutdowns Tracker it needs to meet all the following requirements. It must:

  • Be artificially induced, as evident from reputable sources, including government statements and orders.
  • Remove Internet access.
  • Affect access to a group of people.

Once ISOC is certain that a shutdown is the result of government action, and isn’t the result of technical errors, routing misconfigurations, or infrastructure failures, they prepare an incident page, collate related measurements from their trusted data partners, and then publish the information on the Pulse shutdowns tracker.

ISOC uses many resources to track shutdowns. Gray explains, Radar Internet shutdown alerts are incredibly useful for bringing incidents to our attention as they are happening. The easy access to the data provided helps us assess the nature of an outage. If an outage is established as a government-mandated shutdown, we often use screenshots of Radar charts on the Pulse shutdowns tracker incident page to help illustrate how traffic stopped flowing in and out of a country during the shutdown. We provide a link back to the Radar platform so that people interested in getting more in-depth data can find out more.

ISOC’s aim has never been to be the first to report a government-mandated shutdown: instead, their mission is to report accurate and meaningful information about the shutdown and explore its impact on the economy and society.

Gray adds, For Radar 2.0 and the API, we plan to use it as part of the data aggregation tool we are developing. This internal tool will combine several outage alert and monitoring tools and sources into one single system so that we are able to track incidents more efficiently.

Open Observatory of Network Interference: OONI

Partnering with civil society to track Internet shutdowns with Radar Alerts and API

OONI is a nonprofit that measures Internet censorship, including the blocking of websites, instant messaging apps, and circumvention tools. Cloudflare Radar is one of the main public data sources that they use when examining reported Internet connectivity shutdowns. For example, OONI relied on Radar data when reporting on shutdowns in Iran amid ongoing protests. In 2022, the team launched the Measurement Aggregation Toolkit (MAT), which enables the public to track censorship worldwide and create their own charts based on real-time OONI data. OONI also forms partnerships with multiple digital rights organizations that use OONI tools and data to monitor and respond to censorship events in their regions.

Maria Xynou, OONI Research and Partnerships Director, explains Cloudflare Radar is one of the main public data sources that OONI has referred to when examining reported internet connectivity shutdowns. Specifically, OONI refers to Cloudflare Radar to check whether the platform provides signals of a reported internet connectivity shutdown; compare Cloudflare Radar signals with those visible in other, relevant public data sources (such as IODA, and Google traffic data).

Tracking the shutdowns of tomorrow

As we work with more organizations in the human rights space and learn how our global network can be used for good, we are eager to improve and create new tools to protect human rights in the digital age.

If you would like to be added to Radar Internet Shutdown alerts, please contact [email protected] and follow the Cloudflare Radar alert Twitter page and Cloudflare Radar Outage Center (CROC). For access to the Radar API, please visit Cloudflare Radar.

Democratizing access to Zero Trust with Project Galileo

Post Syndicated from Jocelyn Woolbright original

Democratizing access to Zero Trust with Project Galileo

Democratizing access to Zero Trust with Project Galileo

Project Galileo was started in 2014 to protect free expression from cyber attacks. Many of the organizations in the world that champion new ideas are underfunded and lack the resources to properly secure themselves. This means they are exposed to Internet attacks aimed at thwarting and suppressing legitimate free speech.

In the last eight years, we have worked with 50 partners across civil society to onboard more than 2,000 organizations in 111 countries to provide our powerful cyber security products to those who work in sensitive yet critical areas of human rights and democracy building.

New security needs for a new threat environment

As Cloudflare has grown as a company, we have adapted and evolved Project Galileo especially amid global events such as COVID-19, social justice movements after the death of George Floyd, the war in Ukraine, and emerging threats to these groups intended to silence them. Early in the pandemic, as organizations had to quickly implement work-from-home solutions, new risks stemmed from this shift.

In our conversations with partners and participants, we noticed a theme. The digital divide in terms of cyber security products on the market and the “one size fits all” model mean that only large enterprises with a dedicated security team and extensive budgets have the ability to keep their internal resources and data secure. For Project Galileo, we work with a range of organizations that vary in size, internal capacity, and technical expertise. Especially since many of these groups rely on their online presence to collect donations, organize volunteers, and promote their mission, one size fits all security products do not match the needs and expertise for these groups.

Announcing new Zero Trust tools for Project Galileo participants

With this, we have extended our Zero Trust products to all domains under Project Galileo, as we want organizations to have access to Enterprise-level cyber security products no matter their size and budgets. Zero Trust security means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. This allows organizations of any size to solve the common security problems such as data loss, malware and phishing so these organizations can focus on their unique missions.

For Impact Week, we are excited to share how Project Galileo participants and partners use Cloudflare’s Zero Trust products to keep their operations running smoothly.

CyberPeace Institute

Democratizing access to Zero Trust with Project Galileo

We started partnering with the CyberPeace Institute for Project Galileo in 2022. As part of our partnership, we have worked to provide our cyber security services to at-risk organizations around the world.

Established in 2019, the CyberPeace Institute is an independent and neutral nongovernmental organization, headquartered in Switzerland, whose mission is to ensure the rights of people to security, dignity and equity in cyberspace. The Institute works in close collaboration with relevant partners to reduce the harms from cyberattacks on people’s lives worldwide. By analyzing cyberattacks, the Institute exposes their societal impact, how international laws and norms are being violated, and advances responsible behavior to enforce cyberpeace.
Since our partnership, we’ve been working to onboard their organization to Cloudflare Zero Trust, to secure critical applications and protect employees from online threats.

“The CyberPeace Institute works with humanitarian non-governmental organizations (NGOs) to protect their operations and build their cyber capabilities, data and resources in an increasingly complex digital environment. Both the Institute and Cloudflare share a core motivation to ensure the rights of people to security, dignity and equity in cyberspace. This alignment gives us confidence that Cloudflare is the right strategic partner as we evolve with our mission. We are grateful for the support of Project Galileo” stated Stéphane Duguin, Chief Executive Officer, CyberPeace Institute.

The Information Technology Disaster Resource Center

Democratizing access to Zero Trust with Project Galileo

The Information Technology Disaster Resource Center is a nonprofit composed of thousands of service oriented technical professionals and private sector partners that assist in disaster response operations in the United States. These teams train and work in collaboration with NGOs and first responders to deliver emergency communications and technical solutions to aid communities in crisis. ITDRC provides connectivity, Wi-Fi hotspots, cell phone charging stations, and Internet-enabled computers for shelters, fire camps, and community recovery. A key part of their mission is to leverage technology to connect survivors and responders amid crises.

ITDRC started using Cloudflare in 2020 when they were accepted to Project Galileo. Since then, they have implemented many Zero Trust products to secure their volunteers and employees.

Chris Hillis, Co-founder at ITDRC says, “Cloudflare Zero Trust is essential to securing our employees, volunteers, and disaster survivors on site and in the field. Cloudflare delivers secure, reliable, and fast connectivity to the Internet and critical applications that our teams need to respond to disasters effectively. Setting up policies has been simple for our administrators, and our team benefits from a safer, faster experience, whether accessing internally hosted applications, or the broader Internet. With Cloudflare Access, we are able to ensure that team members receive a consistent user experience accessing internal applications based on their role, all while utilizing our existing identity provider and securing our infrastructure. Utilizing Cloudflare Gateway adds an additional layer of security to our networks and devices, helping to protect our users from external threats, and themselves.”


Democratizing access to Zero Trust with Project Galileo

Meedan is a global technology not-for-profit that builds software and programmatic initiatives to strengthen journalism, digital literacy, and accessibility of information online and off. They develop open-source tools for creating and sharing context on digital media through crowdsourcing, annotation, verification, archival, and translation. Their projects span issues including election monitoring, pandemic response, and human rights documentation.

Aaron Huslage, Director of Systems and Security at Meedan says, “Meedan and Cloudflare both share a vision of a more equitable, safer Internet. We were proud to be a founding member of Project Galileo in 2014 and support the work that program has done to protect Human Rights Defenders around the world. Closer to home Cloudflare helps our employees be more secure and productive when creating and distributing our open source software.”

Organization of American States

Democratizing access to Zero Trust with Project Galileo

The Organization of American States is the world’s oldest regional organization, dating back to the First International Conference of American States, held in Washington, D.C., from October 1889 to April 1890. Its 35 members focus on four main pillars — democracy, human rights, security, and development. It serves as a home for multilateral dialogue on topics such as the rights of indigenous peoples, territorial disputes, and regional goals for education.

“The partnership with Cloudflare will help the Organization of American States (OAS) democratize best-in-class security to modernize and strengthen our internal cybersecurity posture with a Zero Trust approach, delivered in the cloud, without sacrificing our workforce performance.” Andrew Vanjani, OAS Chief Information Officer.

How do I get started?

First, we want to thank all of our civil society partners that we work alongside to offer Cloudflare protection and work with us to extend even more products to organizations around the world. If you are an organization looking for protection under Project Galileo, please visit our website:

Expanding Area 1 email security to the Athenian Project

Post Syndicated from Jocelyn Woolbright original

Expanding Area 1 email security to the Athenian Project

This post is also available in 简体中文, Deutsch, Français and Español.

Expanding Area 1 email security to the Athenian Project

Election security encompasses a wide variety of measures, including the protection of voting machines, election office networks, voter registration databases, and other systems that manage the electoral process. At Cloudflare, we have reported on threats to state and local governments under the Athenian Project, how we prepare political campaigns and state parties under Cloudflare for Campaigns for election season, and our work with organizations that report on election results and voting rights groups under Project Galileo.

Since the 2022 US midterm elections, we have been thinking about how we help state and local governments deflect larger cyber threats that target the election community and have been analyzing the biggest problems they are facing. In October 2022, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, said, “The current election threat environment is more complex than it has ever been.” Amid threats, intimidation toward election workers, and cyber attacks against election infrastructure and operations, preparing for elections is no easy task.

At Cloudflare, our mission is to help build a better Internet. The Internet plays a key role in promoting democracy and ensuring constituents’ access to information. With this, we are excited to share that we have grown our offering under the Athenian Project to include Cloudflare’s Area 1 email security suite to help state and local governments protect against a broad spectrum of phishing attacks to keep voter data safe and secure.

Our work in protecting elections

To understand why we have expanded our product set, we need to look back on how our services have helped state and local governments during election time. Under the Athenian Project, we have provided our highest level of Cloudflare services—the Enterprise plan—for free to state and governments that run elections. The idea originally was that, just like every other Internet property, election websites need to be fast, they need to be reliable, and they need to be secure. Yet, scarce budgets too often prevent governments from getting the right resources to prevent attacks and stay online.

With this, we launched the Athenian Project in 2017. It includes many of our core web services, such as DDoS protection, Web Application Firewall, SSL encryption, and more security features that focus on web applications. We have been able to provide these services to local governments in 31 states and currently protect 359 election entities in the United States.

We have expanded our product set at Cloudflare with Workers, Pages, Zero Trust, and network security solutions. With this, we wanted to understand how we can better support the election community that we work with every day on the Athenian Project.

We knew we could provide more

Internally, we brainstormed on the most pressing issues that face the election community and overall Internet ecosystem. We also asked new and existing Athenian participants on the largest pain points they have when it comes to securing their internal networks and applications. We received a range of answers, from fears of a DDoS attack on election night, to zero-day exploits, on-path attacks, and malware attacks. Many of the same themes came up, especially for small counties that run elections with a huge fear of phishing and ransomware attacks.

Despite email’s importance as a communication method, many types of email security still are not built into email by default. As a result, email is a major attack vector for organizations large and small, and for individual people as well. We have seen firsthand phishing attempts that take advantage of human psychology to encourage quick —and unfortunate— decision-making. Once an attacker has infiltrated a network, they can easily move laterally undetected and impact a wide range of sensitive internal systems.

That is why email security plays a critical role in preemptive defenses against ransomware attacks. Since many of these attacks start with a malicious or phishing email, effective email security can act as a frontline defense against ransomware, and stop these attacks before they reach inboxes. Due to the ease with which threats can be blocked before they reach an election official’s inbox, we were excited to work with those in the election space to find the best way to make these products available.

Typically, when we offer new security products under our Impact projects, we collaborate with external stakeholders. One example is the civil society groups that we partner with under Project Galileo; many of them work in the election community and at government agencies, such as CISA’s Joint Cyber Defense Collaborative (JCDC). These partnerships help us understand how to provide these security tools in a responsible and sustainable way.

How one North Carolina county uses Area 1 email security

Months before the 2022 US midterm elections, we reached out to a few state and local governments that currently use Zero Trust products, such as Access and Gateway, to discuss email security.

Expanding Area 1 email security to the Athenian Project

One of our Athenian participants that was eager to work with us on this expansion was Rowan County, North Carolina. For Randy Cress, CIO for Rowan County, election season means all hands on deck for IT staff in order to secure their .gov site that provides accurate, secure information to voters.

In 2020, Rowan County reported that Cloudflare helped them tackle a 400% increase in traffic on a limited budget which allowed them to refocus resources on other county initiatives. When it comes to phishing attacks, Randy wanted to shield county employees from phishing attacks and block malicious threats automatically.

Prior to Area 1 Security, we were using Office 365 email protection with limited insight for the specifics for messages that were quarantined. While cloud services from Microsoft are continually evolving, we were looking to reduce complexity to support security functions within our environment, allowing us to continue implementing new layers of defense.

Deploying Area 1 gave the county the ability to preemptively discover and eliminate phishing attacks before they inflict damage in their environment. Randy added, “Our team was able to fully onboard prior to the official onboarding call in less than 30 minutes with Cloudflare. We were able to focus on features and specifics of the product offering in lieu of time spent in configuration mode and troubleshooting. Since we are using Cloudflare for DNS and DDoS protection, the changes were extremely easy and there were no interruptions to our mail delivery process.”

For the 2022 US midterm elections, Randy reported, “Leading up to the elections, reports within our Area 1 dashboard indicated 2x as many inbound malicious emails from the same time period in October 2022. We saw credential harvesting as the top threat, and we are easily able to see which users are targeted for email compromise. With Area 1 Security under the Athenian Project, we were able to add additional layers of security to our organization, as it allowed us to preemptively defend against malicious messages before an employee can click on a malicious link. This gives us comfort knowing that Cloudflare is our first line of defense, so we can focus on providing a secure voting process for the constituents of Rowan County.”

Area 1 and the Athenian Project

Cloudflare Area 1 email security is a cloud-native service that stops phishing attacks and can be used with Enterprise accounts under the Athenian Project. If you are a state or local government that is interested in learning more about the Athenian Project, please apply on our website:

In Ukraine and beyond, what it takes to keep vulnerable groups online

Post Syndicated from Jocelyn Woolbright original

In Ukraine and beyond, what it takes to keep vulnerable groups online

This post is also available in 日本語, Deutsch, Français, Español, Português.

In Ukraine and beyond, what it takes to keep vulnerable groups online

As we celebrate the eighth anniversary of Project Galileo, we want to provide a view into the type of cyber attacks experienced by organizations protected under the project. In a year full of new challenges for so many, we hope that analysis of attacks against these vulnerable groups provides researchers, civil society, and targeted organizations with insight into how to better protect those working in these spaces.

For this blog, we want to focus on attacks we have seen against organizations in Ukraine, including significant growth in DDoS attack activity after the start of the conflict. Within the related Radar dashboard, we do a deep dive into attack trends against Project Galileo participants in a range of areas including human rights, journalism, and community led non-profits.

To read the whole report, visit the Project Galileo 8th anniversary Radar Dashboard.

Understanding the Data

  • For this dashboard, we analyzed data from July 1, 2021 to May 5, 2022 from 1,900 organizations from around the world that are protected under the project.
  • For DDoS attacks, we classify this as traffic that we have determined is part of a Layer 7 (application layer) DDoS attack. Such attacks are often malicious floods of requests designed to overwhelm a site with the intention of knocking it offline. We block the requests associated with the attack, ensuring that legitimate requests reach the site, and that it stays online.
  • For traffic mitigated by the web application firewall, this is traffic that was determined to be malicious and was blocked by Cloudflare’s firewall. We provide free Business level services under Project Galileo, and our WAF is one of the valuable tools used to mitigate attempts to exploit vulnerabilities intended to gain unauthorized access to an organization’s online application.
  • For graphs that represent changes in traffic or domains under Project Galileo, we are using the average daily traffic (number of requests) of the first two weeks of July 2021 as the baseline.

Highlights of past year

  • We continue to see cyberattack activity increase, with nearly 18 billion attacks between July 2021 and May 2022. This is an average of nearly 57.9 million cyberattacks per day over the last nine months, an increase of nearly 10% over last year.
  • Mitigated DDoS traffic targeting organizations in Ukraine reached as much as 90% of total traffic during one significant attack in April.
  • After the war in Ukraine started, applications to the project increased by 177% in March 2022.
  • Journalism and media organizations in Europe and the Americas saw traffic grow ~150% over the last year.
  • We see a range of unsophisticated cyberattacks against organizations that work in human rights and journalism. Up to 40% of WAF mitigated requests were classified as HTTP Anomalies, the largest of any WAF rule type, a type of attack that can be damaging to unprotected organizations but is automatically blocked by Cloudflare.
  • From July 2021 to May 2022, organizations based in Europe consistently accounted for half to two-thirds of request traffic out of all the regions covered under the project.

Global Coverage of Project Galileo

In Ukraine and beyond, what it takes to keep vulnerable groups online

Protecting organizations in Ukraine

As the war started in Ukraine, we saw an increase in applications for participation in Project Galileo from organizations looking for our assistance. Many came in while under DDoS attack, but we also saw sites subject to large influxes of traffic from people on the ground in Ukraine attempting to access information due to the ongoing Russian invasion. While traffic from organizations in Ukraine was largely flat before the start of the war, since that time, traffic increases primarily have been driven by organizations that work in journalism and media.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Ahead of the war, organizations that work in community building/social welfare, such as those who provide direct assistance to refugees, or provide donation platforms to support those in Ukraine were responsible for what little traffic that was mitigated by the web application firewall (WAF). However, after the war began, journalism organizations saw the most WAF-mitigated traffic, with frequent spikes, including one on March 13 representing 69% of traffic. During this period of increased WAF-mitigated requests that started in late February, the majority of the attacks were classified as SQLi. WAF mitigated traffic for human rights organizations increased in mid-March, growing to between 5-10% of traffic.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Mitigated DDoS traffic for organizations in Ukraine was concentrated in the mid-March to May timeframe, with rapid growth in the percentage of traffic it represents. The first spikes were in the 20% range, but rapidly grew before receding, including an attack on April 19 that accounted for over 90% of traffic that day.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Since the start of the war, growth in traffic from protected organizations has varied across the categories. Traffic among Health organizations increased by 20-30x over baseline between late March and later April. Setting aside attack spikes, traffic from Journalism organizations was generally up 3-4x over baseline. Growth in the other categories was generally below 3x.

In Ukraine and beyond, what it takes to keep vulnerable groups online

For traffic mitigated by the web application firewall (WAF), the most frequently applied rule was HTTP Anomaly, associated with 92% of requests. Requests for Web content (HTTP requests) have an expected structure, set of headers, and related values. Some attackers will send malformed requests, including anomalies like missing headers, unsupported request methods, using non-standard ports, or invalid character encoding. These requests are classified as “HTTP anomalies”. These anomalous requests are frequently associated with unsophisticated attacks, and are automatically blocked by Cloudflare’s WAF.

In Ukraine and beyond, what it takes to keep vulnerable groups online

With the ongoing war, we continue to onboard and provide protection to organizations in Ukraine and neighboring countries to ensure they have access to information. Any Ukrainian organizations that are facing attack can apply for free protection under Project Galileo by visiting, and we will expedite their review and approval.

Attack methods based on region

Across the Americas, Asia Pacific, Europe, and Africa/Middle East regions, the largest fraction (28%) of mitigated requests were classified as “HTTP Anomaly”, with 20% of mitigated requests tagged as SQL injection attempts and nearly 13% as attempts to exploit specific CVEs. CVEs are publicly disclosed cybersecurity vulnerabilities. Cloudflare monitors new vulnerabilities and quickly determines which require additional rulesets to protect our users. Depending on the vulnerability, they can be sophisticated attacks but depend on the severity, identification and response by security professionals.

In our previous report, we identified similar attack trends with SQLi injection and HTTP anomalies, classified as User agent anomalies, making up a large part of mitigated requests.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Attacks methods by on organization type

We protect a range of organizations under Project Galileo. For this dashboard, we categorized them in 6 groups: community building/social welfare, education, environmental/disaster relief, human rights and journalism. To help understand threats against these groups, we broke down the types of attacks we saw that were mitigated by the web application firewall. A majority of the mitigated traffic is from HTTP anomalies and SQLi (SQL injection).

SQLi is an attack technique designed to modify or retrieve data from SQL databases. By inserting specialized SQL statements into a form field, attackers attempt to execute commands that allow for the retrieval of data from the database, modification of data within the database, the destruction of sensitive data, or other manipulative behaviors.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Learn more on the 8th Anniversary Radar DashboardSee the full report on attack trends we observed against a wide range of organizations protected under Project Galileo.

Let’s celebrate the 8th anniversary of Project Galileo!

Post Syndicated from Jocelyn Woolbright original

Let’s celebrate the 8th anniversary of Project Galileo!

Let’s celebrate the 8th anniversary of Project Galileo!

We started Project Galileo in 2014 with the simple idea that organizations that work in vulnerable yet essential areas of human rights and democracy building should not be taken down because of cyber attacks. In the past eight years, this idea has grown to more than just keeping them secure from a DDoS attack, but also how to foster collaboration with civil society to offer more tools and support to these groups. In March 2022, after the war in Ukraine started, we saw an increase in applications to Project Galileo by 177%.

Read ahead for details on all of our eighth anniversary announcements:

  • Two new civil society partners helping choose participants
  • New insights on attack patterns using data from Cloudflare Radar
  • A portal designed to ease onboarding for Galileo participants
  • Details on our sessions at RightsCon this week
  • New case studies highlighting Galileo participants and the important work they are doing

Announcing two new Project Galileo partners

This year, we are excited to welcome two new partners, International Media Support and CyberPeace Institute. As we introduce new partners, we are able to expand the project to protect a range of groups on the Internet. With this, we currently protect 1,900+ organizations in 111 countries.

With almost three years working on Project Galileo at Cloudflare, I get a front row seat to how we use security tools to protect the most vulnerable on the Internet. From journalism groups in Brazil reporting on environmental issues to social justice organizations in the United States to activists in authoritarian countries, we see a range of voices that come to Cloudflare for protection.

The anniversary of the project is one of my favorite times of the year, as it gives us the opportunity to show the world a glimpse of what we see on a daily basis. With the anniversary, it also gives us time to reflect on lessons learned and how we can improve the project.

In a time of crisis, we engage with civil society on how to protect the most vulnerable

Let’s celebrate the 8th anniversary of Project Galileo!

One of the most important lessons we have learned about Project Galileo is that in a time of crisis, whether it be the spread of COVID-19 and shift to remote work or geopolitical conflicts, we are able to quickly mobilize to offer our assistance. One way we do this is to leverage our partnerships with civil society to offer our security tools and technical expertise to those who need help to keep their online platforms secure and reliable.

This became clear at the end of February 2022 and the start of the Russian invasion of Ukraine.

After the war in Ukraine started, applications to the project increased by 177% in March 2022. Since then, we onboarded 43 organizations in Ukraine to Project Galileo. In the region, we protect 116 organizations with 62 organizations onboarded to the project during the crisis, this includes organizations in Ukraine. Many of these organizations are working in journalism and reporting on the ground in Kyiv, human rights activists that are assisting refugees fleeing the country, and groups who have built applications to alert users of incoming air raids.

We have seen how partnerships between civil society, governments, and private sector companies have given us the ability to provide a swift response in providing support to Ukraine.

We see this in the form of donations of security services to ensure that people on the ground have access to information. There has been a focus on the conflict in Ukraine primarily on how to protect organizations that work in human rights. But, many civil society groups that have been working to provide assistance may have been overlooked in the digital security context. Many times, civil society does not get as many resources to protect themselves, and we strive to provide our services to human rights defenders, but also those who support them.

We have learned in the past few months that collaboration in a time of crisis is essential to responsibly provide our protections under the project. Any Ukrainian organizations that are facing attack can apply for free protection under Project Galileo by visiting, and we will expedite their review and approval.

What to expect for the 8th anniversary of Project Galileo

Radar dashboard

Let’s celebrate the 8th anniversary of Project Galileo!

For the Project Galileo 8th anniversary, we wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organizations that are targeted with best practices for safeguarding their websites and internal data.

We created a Radar dashboard to focus on attacks against organizations in areas such as human rights, journalism, and community building groups. We onboarded a range of organizations in Ukraine and neighboring countries during the ongoing Russian invasion.

Learn more about the attacks we see against vulnerable groups protected under Project Galileo with an additional blog post and Radar dashboard tomorrow.

Social Impact Portal

Let’s celebrate the 8th anniversary of Project Galileo!

Project Galileo has grown to support more than 1,900 organizations. These organizations typically fall into two categories. The first are organizations that are familiar with the security landscape and the Cloudflare tools they need to keep their organization secure. The second, which is a majority of organizations we protect under the project, are not familiar with the threat landscape and do not have a dedicated IT staff.

We know too well that organizations that work to support democracy, accountability, and human rights face an increased rate of cyber attacks because of the sensitive nature of their work. Many times, organizations come to Cloudflare because they come under a cyber attack and need our help with mitigation and getting back online. Unfortunately, we see applications like this come in every day for Project Galileo.

With this, we wanted to create a new resource to help these organizations on their Cloudflare journey. We are proud to release a new centralized area that organizations protected under our many projects can turn to when they have questions about configurations, product requests, and training on how to keep their organization secure. With tailored videos on security products with a focus on Cloudflare Zero Trust products, we are excited to offer more resources to organizations with very little or no dedicated IT staff, to ensure they stay online and secure from cyber attacks.

Learn more about our Cloudflare Social Impact Project portal and how we built this specifically for organizations protected under our Cloudflare Impact projects this week.

RightsCon 2022

Let’s celebrate the 8th anniversary of Project Galileo!

Every year, Cloudflare sponsors Access Now’s RightsCon. RightsCon brings together a broad range of civil society groups and business and public sector stakeholders to talk and learn about digital rights issues. With topics including Internet shutdowns, digital security, privacy, and surveillance, it has it all for a great week of engaging with a range of players in the digital rights space.

This year, we are participating in a variety of events, but particularly excited about a community lab we are hosting with partner organizations like National Democratic Institute, Internews, CyberPeace Institute, and Okta. The session is focused on tools available for at-risk organizations and to learn more on how the private sector and civil society can improve security resources. We’ve learned in the last few years of Project Galileo that we are one part of the broader ecosystem. When it comes to providing tools to organizations, it is important to work together with the many players to find the best way to support organizations online and offline. We hope this session will generate further ideas on how we can work closely with others  and earn more on how organizations view security resources.

If you plan to attend RightsCon, please check out our session on Wednesday, June 8, at 12:30 pm ET. More information can be found on the RightsCon website.

Case Studies

Let’s celebrate the 8th anniversary of Project Galileo!

As we celebrate the anniversary, we want to highlight many of the organizations protected under the project and how they keep their organization secure from cyber attacks. We value organizations that want to tell their story of the amazing work they do in human rights and community building and how they stay online with Cloudflare. Our goal with telling their stories is to encourage others who may work in similar spaces to take advantage of security tools available to them. Case studies also help other organizations that may be new to the project.

Check out some of their stories on how they use Project Galileo to stay secure from cyber attacks.

If you are an organization looking for protection

As we kick off the 8th anniversary of Project Galileo, we want to thank all of our civil society partners that we work alongside to offer Cloudflare protection. If you are an organization looking for protection under Project Galileo, please visit our website:

Cloudflare’s Athenian Project Expands Internationally

Post Syndicated from Jocelyn Woolbright original

Cloudflare's Athenian Project Expands Internationally

Cloudflare's Athenian Project Expands Internationally

Over the course of the past few years, we’ve seen a wide variety of different kinds of online threats to democratically-held elections around the world. These threats range from attempts to restrict the availability of information, to efforts to control the dialogue around elections, to full disruptions of the voting process.

Some countries have shut down the Internet completely during elections. In 2020, Access Now’s #KeepItOn Campaign reported at least 155 Internet shutdowns in 29 countries such as Togo, Republic of the Congo, Niger and Benin. In 2021, Uganda’s government ordered the “Suspension Of The Operation Of Internet Gateways” the day before the country’s general election.

Even outside a full Internet shutdown, election reporting and registration websites can face attacks from other nations and from parties seeking to disrupt the administration of the election or undermine trust in the electoral process. These cyberattacks target not only electronic voting or election technologies, but access to information and communications tools such as voter registration and websites that host election results. In 2014, a series of cyberattacks including DDoS, malware and phishing attacks were launched against Ukraine’s Central Election Commission ahead of the presidential election. These sophisticated attacks attempted to infiltrate the internal voting system and spread malware to deliver fake election results. Similar attacks were seen again in 2019 as Ukraine accused Russia of launching a DDoS attack against the CEC a month before the presidential election. These types of attacks that target electoral management agencies’ communication tools and public facing websites have been on the rise in countries ranging from Indonesia, North Macedonia, Georgia, and Estonia.  

Three and a half years ago, Cloudflare launched the Athenian Project to provide free Enterprise level services to state and local election websites in the United States. Through this project we have protected over 292 websites with information about voter registration, voting and polling places, as well as sites publishing final results across 30 states at no cost to the entities administering them. However, due to the growing trend of cyberattacks targeting election infrastructure, election security is not a US-specific issue, and since we launched the Athenian Project in the United States many people have asked: why don’t you extend these cybersecurity protections to election entities around the world?

Challenges, Solutions and Partnerships

The short answer is we weren’t entirely sure whether Cloudflare, a US based company, could provide a free set of upgraded security services to foreign election entities. Cloudflare is a global company with 16 offices around the world and a global network that spans over 100 countries to provide security and performance tools. We are proud to create new and innovative products to enhance user privacy and security, but understanding the intricacies of local elections, the regulatory environment, and political players is complicated, to say the least.

When we started the Athenian Project in 2017, we understood the environment and gaps in coverage for state and local governments in the United States. The United States has a decentralized election administrative system, which means that local election administrators may conduct elections differently in every state. Because of the funding challenges that come with a decentralized system, state and local governments in all 50 states could benefit from free Enterprise-level services. Fast-forward to more than three years after we launched the project, we have learned a great deal about what types of threats election entities face, what products election entities need for securing their web infrastructure, and how to build trust with state and local governments in need of these types of protections.

As the Athenian Project and Cloudflare for Campaigns grew in the United States, we received inquiries from foreign election bodies, political parties and campaigns on whether they were eligible for protection under one of these projects. We turned to our Project Galileo partners for their advice and guidance.

Under Project Galileo, we partner with more than 40 civil society organizations to protect a range of sensitive players on the Internet including human rights organizations, journalism and independent media, and organizations that focus on strengthening democracy in 111 countries. Many of these civil society partners work on election-related matters such as capacity building, strengthening democratic institutions, supporting civil society organizations to equipping these groups with the tools they need to be safe and secure online. These partners, many of whom have local representatives on the ground, understand the intricacies of the election landscape and delicate nature of trust building between local election administrations, political parties and organizations with personnel directly on the ground in many of these regions to provide direct support and expertise when it comes to safeguarding elections.

After many discussions and years in the making, we are excited to announce our collaboration with The International Foundation for Electoral Systems, National Democratic Institute, the International Republican Institute and to provide free Enterprise Cloudflare services to groups working on election reporting and to election management agencies to provide the tools, resources and expertise to help them stay online in the face of large scale cyber attacks.

Partnership with International Foundation for Electoral Systems

Cloudflare's Athenian Project Expands Internationally

As we work with civil society organizations on issues in the election space and extending protections outside the United States, we frequently heard organizations bring up IFES, the International Foundation for Electoral Systems, due to their expertise in promoting and protecting democracy. The International Foundation for Electoral Systems is a nonpartisan, nonprofit organization that has worked in more than 145 countries, from developing to mature democracies.

Founded in 1987, IFES’ work in promoting democracy and genuine elections has evolved to meet the challenges of today and tomorrow. IFES offers research, innovation and technical assistance to support democratic elections, human rights, combat corruption, promote equal political participation, and ensure that information and technology advance, not undermine, democracy and elections.

One of the many reasons we wanted to work with IFES on expanding our election offering was due to the organizations’ unique position in terms of technical expertise, understanding of the political landscapes in which they operate, and fundamental knowledge of the types of protections these election management bodies (EMBs) need in preparing and conducting elections. Building trust in the election space is critical when providing support to EMBs. Due to years of hard work from IFES assisting with the implementation of election operations as well as direct assistance to support democratic developments, and the trust IFES has correspondingly developed with EMBs, they were a logical partner.

IFES’ Center for Technology & Democracy, in collaboration with IFES program teams worldwide, provides cybersecurity and ICT assistance to EMBs and civil society organizations (CSOs). IFES uses leading cybersecurity and ICT practices and standards incorporated into its Holistic Exposure and Adaptation Testing (HEAT) methodology with the aim of increasing EMBs and CSOs digital transformation while mitigating associated risks.

“Cloudflare has played an integral role in helping EMBs and CSOs protect their websites, prevent website defacement, and ensure that they are accessible during peak traffic spikes. This has allowed EMBs and CSOs to build internal and external stakeholder confidence while gaining access and building local capacity on cutting-edge cybersecurity solutions and good practices.”
Stephen Boyce, Senior Global Election Technology & Cybersecurity Advisor at IFES.

As part of the partnership with IFES, Cloudflare provides its highest level of services to EMBs working with IFES and equips them with the cybersecurity tools for their web infrastructure and internal teams to promote electoral integrity and stronger democracies. Along with cybersecurity tools, Cloudflare will work closely with IFES on training and direct assistance to these election bodies, so they have the knowledge and expertise to conduct a free, fair, and safe elections.  In the past, Cloudflare has worked with IFES to provide services in support of elections in Georgia, and we look forward to extending these protections to other EMBs in the future.

Partnership with National Democratic Institute, the International Republican Institute and the Design 4 Democracy Coalition

Cloudflare's Athenian Project Expands Internationally

The National Democratic Institute and The International Republican Institute are two of the many Project Galileo partners that we have worked with to provide cybersecurity tools to organizations that work building and strengthening democratic institutions and increasing civic participation all around the world. As we worked together on Project Galileo, our conversations often focused on the best way to extend these types of security tools to groups in the election space.

Cloudflare is excited to announce that we are partnering with the National Democractic Institute (NDI), the International Republican Institute (IRI) and the Design 4 Democracy Coalition (D4D) to expand our election support efforts. Through this initiative, Cloudflare will provide free service to vulnerable groups working on elections, as identified by NDI and IRI. Our combined expertise in cybersecurity and elections administration will enable us to be mutually beneficial in navigating this space. As part of protecting a new set of election groups, Cloudflare will work with NDI and IRI to understand the global threats faced by democratic election institutions.

“Elections are being undermined by a wide range of malign actors. Through our partnership with Cloudflare, IRI has been able to ensure that the civil society and independent media organizations we support globally are able to defend themselves against cyber attacks and massive increases in web traffic – keeping them safe and online at the most critical moments for democratic integrity. We are excited to be working with Cloudflare, NDI, and the D4D Coalition to expand those offerings to election management bodies, political parties, and political campaigns – a critical step toward ensuring that political competition is fought in the sphere of policy and governance delivery, and not through information and cyber warfare.”
Amy Studdart, Senior Advisor for Digital Democracy, Center for Global Impact at the International Republican Institute.

As part of our new initiative, when Cloudflare tests new products which would be particularly useful for election groups we will work with NDI, IRI and D4D to encourage these groups to adopt the new services. This might include passing along information and documentation on how to deploy them, offering webinars, and providing other specialized support. Piloting new products with this audience will also provide us with the opportunity to learn about needs and pain points for these groups.

“Safe, reliable access to the internet is fundamental to a free, open, and democratic electoral process in the modern era. Cloudflare’s sophisticated protections against various forms of cyberattack have provided invaluable support to at-risk campaigns and civic organizations through NDI and the D4D Coalition. This new initiative will go further to supporting one of the most fundamental of human rights: the vote.”
Chris Doten,  Chief Innovation Officer at the National Democratic Institute.

Extending Protection to State Parties in the United States with Defending Digital Campaigns

Cloudflare's Athenian Project Expands Internationally

We didn’t forget our friends in the United States. I am excited to announce that we are extending our support to provide a suite of Cloudflare products to eligible state parties in the United States with our partnership with Defending Digital Campaigns (DDC). In January 2020, we announced our partnership with Defending Digital Campaigns, a nonprofit, nonpartisan organization that provides access to cybersecurity products, services, and information to eligible federal campaigns.

We have reported on the regulatory challenges of providing free or discounted services to political campaigns in the past. Due to campaign finance regulations in the United States, private corporations are prohibited from providing any contributions of either money or services to federal candidates or political party organizations. We partnered with DDC, who was granted special permission by the Federal Election Commission to provide eligible federal campaigns with free or reduced-cost cybersecurity services due to the enhanced threat of foreign cyberattacks against party and candidate committees.

Since the start of our partnership, we have provided products to protect Presidential, Senate and House campaigns with tools like DDoS protection, web application firewall, SSL encryption, and bot protection. We have also offered campaigns cybersecurity tools to protect their internal networks, offering Cloudflare Access and Gateway to more than 75 campaigns in the 2020 U.S. election.

After the 2020 U.S. election, DDC extended their offering to protect state parties in select states.

“One of DDC’s core recommendations for any campaign or an organization like a State Party is protecting their websites from attacks or defacements,” said Michael Kaiser, President and CEO of Defending Digital Campaigns. “Our partnership with Cloudflare is critical to bringing this core protection to eligible entities and protecting our democracy.”

We are excited to be furthering our partnership with Defendering Digital Campaigns to provide our free suite of services to eligible state parties to better secure themselves from cyber attacks.

For more information on eligibility for these services under DDC and the next steps, please visit

To the future…

Recognizing the global nature of cyberthreats targeting election-related technologies, we are excited to be working with these groups to help players in the election space stay secure online. In addition to the goals already laid out, Cloudflare intends to build on these partnerships in the future. Eventually, we hope to assist with each of these partners’ programs as mentors and trainers, perhaps directly participating in assessments and training around critical elections. These groups’ expertise makes them fantastic partners in this space, and we look forward to the opportunity to expand our work with their guidance.

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Post Syndicated from Jocelyn Woolbright original

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Cloudflare started Project Galileo in 2014 to provide a set of free security products to a range of groups on the Internet that are targeted by cyberattacks due to their critical work. These groups include human rights defenders, independent media and journalists, and organizations that work in strengthening democracy. Seven year later, Project Galileo currently protects more than 1,500 organizations in 111 countries.

A majority of the organizations protected under Project Galileo work in independent media and journalism, and are targeted both physically and online as a result of reporting critical events around the world. From July 2020 to March 2021, there were more than seven billion cyberattacks against Project Galileo journalism and media sites, equating to over 30 million attacks per day against this group. We reported many of these findings for the 7th anniversary of Project Galileo’s Radar Dashboard.

Global Cyber Alliance

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

We have reported on the cyber threats to independent journalists and media organizations in the past, with the goal of creating best practices on how to protect these groups online. As we shared these insights, we started to collaborate with organizations that provide support and resources to improve journalists’ cybersecurity capabilities and respond to threats. One of these organizations that we were excited to engage with was the Global Cyber Alliance.

The Global Cyber Alliance (GCA​) is an international, cross-sector nonprofit dedicated to confronting systemic cyber risks and improving our connected world. GCA develops free, easy and accessible tools to a range of stakeholders on the Internet including small businesses, journalists and, election officials around the world. Each toolkit is curated with tools and guidance on managing passwords, encrypting your data, backing up data, secure email, and browsing, anti-virus, DNS Security and more.

“As journalism increasingly, if not exclusively, relies on connected resources to investigate and report news, these capabilities offer tremendous benefit, particularly as newsrooms face budget constraints. At the same time, connected resources if not secured properly can unknowingly risk journalists, their sources, and the developments they cover,” said Megan Stifel, Global Policy Officer and Capacity & Resilience Program Director at the Global Cyber Alliance. “Resources such as Project Galileo play an important role in helping journalists protect themselves and their work, enabling them to report the news on their terms. GCA is pleased to add this resource to our free Cybersecurity Toolkit for Journalists, which is one of three toolkits available through our Capacity & Resilience Program.”

Project Galileo and the GCA Cybersecurity Toolkit for Journalists

Cloudflare is thrilled to have Project Galileo included in the GCA Cybersecurity Toolkit for Journalists to provide the tools and resources for journalists in order to be safer online. The free tools in the toolkit include:

  • DNS Security with WARP: Cloudflare VPN (WARP) on devices, or their router, to Cloudflare’s DNS Resolver ( With it automatically blocks known malware before your browser has a chance to load it.
  • End-to-End Encryption with Cloudflare SSL: Trust is essential for journalists and their public facing websites as they are a source of truth to their audience. With Cloudflare SSL, they can ensure that information is private and secure for visitors who engage with these websites. SSL also stops certain kinds of cyberattacks as it authenticates web servers, which is important because attackers will often try to set up fake websites to trick users and steal data.
  • Cloudflare for Teams products Access & Gateway: To assist media organizations, Cloudflare for Team’s products Access & Gateway makes remote works safer for teams around the world with protecting internal applications and DNS filtering to ensure that journalists keep their sensitive information secure and do not fall victim to a cyberattack. Read more on how a local news outlet in New Jersey uses Gateway to filter and block malicious attacks and phishing attempts.

We are excited to be working with the Global Cyber Alliance and look forward to further collaboration on guidance, tools, and resources to improve security for individuals and organizations.

Celebrating 7 Years of Project Galileo

Post Syndicated from Jocelyn Woolbright original

Celebrating 7 Years of Project Galileo

Celebrating 7 Years of Project Galileo

Every June, we celebrate the anniversary of Project Galileo. This year, we are proud to celebrate seven years of protecting the most vulnerable groups on the Internet from cyber attacks. June is a busy month for us at Cloudflare, with the anniversary of Project Galileo and Access Now’s RightsCon, one of the largest events on human rights in the digital age. As we collaborate with civil society on topics from technology, privacy, digital security and public policy, we learn how to better protect critical voices on the Internet but also how to use the Cloudflare network to make positive changes to the Internet ecosystem.

We started Project Galileo in 2014 with the idea that we need to protect voices that are targeted for working in sensitive areas. As such, we give these voices the resources to protect themselves online against powerful opponents. Whether their opponent’s aim is to intimidate, silence, or steal sensitive information, cyber attacks can cause significant damage to organizations that work in areas such as human rights, independent media, education, and social justice. As the world moves online — a factor accelerated by COVID-19 — access to powerful cybersecurity tools is critical for organizations around the world. Our goal at Cloudflare is to help build a better Internet. Part of that goal is helping those who are disproportionately targeted by cyber attacks due to their critical work. We do this by providing the tools they need to stay online to continue their mission in serving the public good.

For the 7th anniversary of Project Galileo, we want to provide a glimpse of what we work on every day when it comes to protecting vulnerable groups on the Internet. Below are some of these stories with information on threats against these groups, highlights from the past year as well as new tools organizations utilize to protect against cyber threats.

Highlights from the past year

  • In the past year, we have seen a 50% increase in organizations that receive protection under Project Galileo. There are now more than 1,500 in 111 countries.
  • We partner with 40 civil society organizations that review and approve websites for protection under Project Galileo.
  • There are 5x as many cyberattacks against all Project Galileo sites compared to our update last year, with 13 billion attacks between August 2020 and March 2021. This is an average of 53 million cyber attacks per day in the past eight months.
  • Project Galileo was recognized as a Spotlight Recipient by The Tech Spotlight at Harvard Kennedy School’s Belfer Center for its commitment to serve the public good in areas of digital technologies.
Celebrating 7 Years of Project Galileo

Project Galileo Radar dashboard

In September 2020, we launched Radar, a platform that provides insight into Internet trends to help anyone understand security, performance and usage of the Internet. For Project Galileo, we wanted to identify the types of attacks these groups face to better equip researchers, civil society and organizations that are targeted with best practices for safeguarding their website and internal data.

In the last year, as many organizations moved to online operations, this opened the floodgates to malicious cyber activity. To learn more about the cyber attacks those protected under the project suffer, visit our Project Galileo 7th Anniversary Radar Dashboard.

Celebrating 7 Years of Project Galileo

Project Galileo and Harvard Tech Spotlight

This year, we were thrilled for Project Galileo to be recognized as a Spotlight Recipient by The Tech Spotlight at Harvard Kennedy School’s Belfer Center. The Tech Spotlight recognizes projects and initiatives that demonstrate a commitment to public purpose in the areas of digital technologies. Nominations are evaluated based on their proven ability to reduce societal harms and protect public purpose values including privacy, safety and security, transparency and accountability, and inclusion. In the past year, we have seen how people interact and utilize the Internet, the increase in malicious cyber attacks as well as sophisticated attacks against social justice groups, and an increase in application to the project from COVID-19 relief efforts. This has shown us new ways in which Project Galileo can help during times of crisis for a wide range of groups on the Internet.

Protecting internal applications for community-building nonprofits with Cloudflare Access

In the past year, we learned how organizations had to quickly implement a work-from-home solution and many of the risks associated with this shift to remote working. Due to the increased need for secure remote access while also maintaining a strong security posture, we started offering Cloudflare Access under Project Galileo. At a high level, Access gives organizations the ability to secure internal applications — such as internal knowledge resources of help desk platforms. In the case of Project Galileo, when volunteers connect to these applications they must authenticate with their identity provider — such as Google or Okta. Then Cloudflare checks their login against rules the IT administrator has deployed and, if permitted, allow them to access the application. This provides a secure remote work environment by not allowing unauthorized access to sensitive internal applications.

Learn more about how Project Galileo participants, World University Service Canada and Unbound use Access to secure their remote workforce.

World University Service of Canada, Canada

Celebrating 7 Years of Project Galileo

World University Service of Canada is a Canadian non-profit organization that works in international development with a diverse network of students, volunteers, schools, governments, and businesses. “Through this program, we work with the Canadian post-secondary community to provide access to resettlement and higher education for young refugees. Since 1978, our network has resettled more than 2,000 refugee youth to Canada where they are able to build a better future for themselves and their families,” says Ken Fraser, the Deputy Director of IT and Digital Transformation at the organization. Ken wears many hats at WUSC with a team of five providing IT services and support for staff around the world.

“A big challenge we had previously was that our security tools only protected internally hosted applications. For any sites we hosted with an external provider there were no monitoring or security tools available, aside from whatever the service provided,” says Ken. “This has all changed now with Cloudflare. Any site that we proxy through the Cloudflare network has the same reporting, performance and security features such as the web application firewall available whether internally or externally hosted.”

For internal applications, WUSC uses Cloudflare Access to keep their team in Canada and abroad secure when accessing the organization’s internal applications. Ken explains, “Cloudflare Access has been an integral part of securing our sites, and even more so now that we’re all working from home. For example, all of our sites using WordPress are protected with a Cloudflare Access policy in order to prevent anyone on the Internet from getting to the login page, and only specific email addresses added to the policy can get through. It was very simple to set up within Cloudflare and had an immediate benefit to the security posture of our sites.” With Access, Ken and the team can monitor and enforce rules to ensure that unauthorized attempts to access their WordPress login pages stop at Cloudflare’s network first.

You can read the World University Service of Canada’s case on the Project Galileo website.

Unbound, United States

Celebrating 7 Years of Project Galileo

Unbound is an international nonprofit based in Kansas City, with an ambitious goal of bringing people together to challenge poverty in new and innovative ways in 19 countries around the world. The organization differs from the typical child sponsorship charity, as they sponsor a range of people from children to elders — they are actually one of the few organizations that offers sponsorships to the elderly. “At Unbound, our mission is to walk with the poor and marginalized of the world, and we do that by providing personal attention and direct benefits to children, youth, elders and their families, so they may live with dignity, achieve their inherent potential and participate fully in society,” explains John Dougherty, the Director of Technology Services for Unbound.

The organization applied for Project Galileo as a way to increase their security posture and secure their public-facing website, as well as some custom-built web-facing applications used by staff spread across the 19 countries the organization operates in. We first used Cloudflare Access to protect the admin side of the website for many of our staff members”, says Dougherty. In March 2020, due to the spread of COVID-19, Dougherty and the IT team had one week to implement a secure work-from-home solution for their staff. “We needed a way for our staff to access the organization’s internal ticketing system, help desk, and knowledge base in a simple and reliable manner. Now, more than 150 users can easily access the services they need to continue to provide support to those in need.”

With Project Galileo, the organization has the ability to focus on their mission of helping others while not having to worry about data breaches or being taken offline. Dougherty explains, Project Galileo has given us the ability to leverage technology to help us operate in a lean and efficient way. Anytime Unbound receives these types of services to secure our website and not have to worry as much about being taken offline due to a cyber attack or have sensitive information compromised, we can spend more time and money on providing direct support to families living in extreme poverty.”

You can read the Unbound case on the Project Galileo website.

Protecting journalists & LGBTQ+ organizations from malware and phishing attacks with Cloudflare Gateway

Beyond organizations using Cloudflare Access to protect access to their internal applications, we also had organizations reaching out and asking about the best way to protect their internal data due to a surge in malware and cyber attacks. We started to offer Cloudflare Gateway under Project Galileo as organizations shifted from office settings to home offices. Gateway uses DNS filtering to block malicious content, ransomware, and phishing before your browser has a chance to load it. It acts as a filter, and automatically blocks unsafe content from web traffic to stop cyber threats and data breaches. As many of these attacks are sophisticated and personalized to organizations, these attacks target human rights groups, journalists and civil society around the world every day. Gateway is a tool that can easily block these threats so workers do not accidentally click malicious links.

Learn about how a local journalism group in New Jersey and LGBT+ helpline in the UK uses Gateway to protect against these threats.

New Brunswick Today, United States

Celebrating 7 Years of Project Galileo

New Brunswick Today has been serving the city of New Brunswick, NJ (home to Rutgers University) since 2011. The paper covers community matters, corruption, culture, real estate development and more. Recently, the paper has been focused on the spike in gun violence since the COVID-19 pandemic. Justin Freid, head of digital strategy at New Brunswick Today, turned to Cloudflare to help mitigate repeated attacks on the site that started in late 2015. He is familiar with journalists being threatened and harassed due to the sensitive nature of their work. “Our journalists have been targeted with physical and online threats, so we have to be diligent and aware of the security tools and precautions we use,” says Freid.

New Brunswick Today appeared on an episode of Full Frontal with Samantha Bee focused on saving local news, highlighting the importance of local journalism and its role in the community after one of NBT’s stories caught nationwide attention for its coverage of public corruption at the city water utility.

During COVID-19, the organization started to use Cloudflare Gateway to filter and block malicious attacks and phishing attempts. They route their traffic through Gateway, with policies maintained and enforced via Cloudflare’s dashboard specifically for their editors’ devices. We use Gateway on our editors so that we can browse more confidently. As a local newspaper, we receive source material and are worried it may contain malware looking to thwart our systems and possibly steal sensitive information about pieces that are being written by the paper,” says Fried. “The idea that Cloudflare is able to filter malware before it reaches our device, increases confidence for our journalists that they need when they write, investigate and publish stories to keep citizens of New Brunswick informed on local issues.”

You can read the New Brunswick Today case on the Project Galileo website.

Switchboard LGBT+ Helpline, United Kingdom

Celebrating 7 Years of Project Galileo

Switchboard is one of the oldest telephone helplines in the United Kingdom founded back in 1974 to provide support and information to people of all kinds but especially those who identify as LGBT+. Fast-forward to 2021 and the organization is in high gear, with an average of 1,500 unique service users a month connecting with volunteers who are available seven days a week.

“Our goal at Switchboard is to provide a safe judgement free-space for those who need support. We have people that call in to talk about things such as seeking help in navigating their gender identity, looking for resources on mental health in the UK, or to discuss issues in their community when it comes to LGBT+ rights,” explains Pete Hannam. Switchboard is a volunteer-led charity so Hannam holds many responsibilities from answering phone calls and providing support to callers, to developing and securing the organization’s online platform.

Switchboard started as a phone helpline but with the growth of emerging technologies and new forms of communications over the years, they adapted by adding new channels such as email and real-time chat. Technology also helped the organization respond to COVID-19 quickly, and they transitioned their platform to be fully online quickly to handle the many calls, emails and chats that volunteers at Switchboard received related to the uncertainty of the pandemic on careers and social disengagement with people around the world. Hannam estimates the organization saw an increase in communication via email and chat grow from 30% to 55%.

Switchboard joined Project Galileo in May 2019 primarily to have more visibility into HTTP traffic including threats that targeted their site. “We had very basic web services with no idea what type of traffic or access people may have had to our backend systems. Unfortunately, our site was hacked because of a vulnerability in a WordPress plugin. We had no visibility into our traffic or threats before Cloudflare and due to this didn’t realise that our site had been compromised,” explains Hannam. “As an organization that provides a platform for those sharing sensitive information about things such as gender identity or abuse they suffered, trust is essential for us and presenting an insecure platform is a huge breach of respect and professionalism.” The organization was accepted to Project Galileo and immediately enabled Cloudflare SSL certificates to encrypt, authenticate and provide a sense of trust to users that use the organization’s support services. From there, they used the web application firewall to automatically block hackers’ attempts to exploit vulnerabilities in their website’s PHP code.

In the past year, Switchboard implemented Cloudflare Gateway. As the organization looks toward the future, which includes returning to the office in some form, they were looking for a solution to automatically block viruses and phishing attempts that spread over the Internet through malicious web pages. Gateway helps as a first layer of defence against most security threats and prevents the organization’s network and devices from getting infected by malicious software that their volunteers may accidentally download. Hannam explains, “We have the exact same issues as large companies, possibly even more targeted due to the sensitivity of our work, with significantly fewer resources. So it is important for organizations such as ours to have the opportunity to use advanced security tools, and Cloudflare’s Project Galileo allows us access to these tools to keep our site reliable, secure and trustworthy.”

You can read the Switchboard UK case on the Project Galileo website.

To the future…

As world events shape the ways in which organizations maintain their online platforms and workforce, Project Galileo has adapted to these situations. We look forward to continuously working with our civil society partners on the best way to support organizations and provide products that help them stay online, secure their internal teams, and focus on their mission of helping the greater good.

2020 U.S. Election: Cybersecurity Analysis

Post Syndicated from Jocelyn Woolbright original

2020 U.S. Election: Cybersecurity Analysis

As the election season has ramped down and the new Presidential Administration begins, we think it’s important to assess whether there are lessons we can draw from our experience helping to provide cybersecurity services for those involved in the 2020 U.S. elections.

Cloudflare built the Athenian Project – our project to provide free services to state and local election websites – around the idea that access to the authoritative voting information offered by state and local governments is key to a functioning democracy and that Cloudflare could play an important role in ensuring that election-related websites are protected from cyberattacks intended to disrupt that access. Although the most significant challenges in this election cycle fell outside the realm of cybersecurity, the 2020 election certainly validated the importance of having access to definitive sources of authoritative election information.

We were pleased that the robust cybersecurity preparations we saw for the 2020 U.S. election appeared to be successful. From the Cloudflare perspective, we had the opportunity to witness firsthand the benefits of having access to free cybersecurity services provided to organizations that promote accurate voting information and election results, state and local governments conducting elections, and federal U.S candidates running for office. As we protect many entities in the election space, we have the ability to identify, learn and analyze attack trends targeted at these sites that provide authoritative election information. We hope that we will continue to be able to assist researchers, policymakers and security experts looking to support best practices to protect the integrity of the electoral process.

Supporting free and fair elections

Many state and local governments bolstered their security postures ahead of the 2020 elections. There have been partnerships between governments, organizations, and private companies assisting election officials with the tools and expertise on best ways to secure the democratic process. Additionally, the spread of COVID-19 has prompted unprecedented challenges on how citizens can vote safely and securely.

Before the 2020 U.S. election, we detailed much of the activity targeting those in the election space to prepare for election day. To the relief of security experts, there were no significant publicly reported cybersecurity incidents as Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency during the 2020 election described it as “just another Tuesday on the Internet.” On November 12, 2020, a joint statement from the leading election security organizations stated “The November 3rd election was the most secure in American history . . . [T]here is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

At Cloudflare, we had a team of over 50 employees monitoring and addressing any issues to ensure we were providing our highest level of support to those working in the election space. It is important to note that our services do not protect electronic voting boxes or ballot counters; instead, Cloudflare services provide protection to websites, applications, and APIs. But we do protect many websites that provide pertinent information on the electoral process in the United States. This includes a wide range of players in the election space that facilitate voter registration, provide information on polling places, and publish election results. Since the 2016 election, state and local government websites that provide information such as voter registration, polling places, and election results, which have been increasingly targeted with cyberattacks.

Protecting organizations in the election space with Project Galileo

We launched Project Galileo in 2014 to provide a free set of security services to a range of vulnerable groups on the Internet such as human rights organizations, journalists and social justice organizations. Under the project, we currently protect more than 1,400 organizations working in regions all over the world with many organizations that work towards providing accurate voting information, tackling voter suppression, providing resources on voting rights and publishing election results. Cloudflare works with a variety of different types of non-governmental entities under Project Galileo, but we generally put them into two groups: participants, who are granted the benefits of Project Galileo, and partners, who work with us to identify other organizations who might be worth supporting. Our partners are typically larger civil society organizations and high profile NGOs, who work with entities who might benefit from our services and decide who should receive Cloudflare protections under the project.

Many of these organizations need cybersecurity protections well before election day. Belmont University is a private, four-year university located in Nashville, Tennessee. Shortly after the University was selected to be the site of the third and final 2020 U.S. Presidential Debate, the University reached out to Cloudflare asking for assistance. As part of the support for the debate, Belmont launched a new website to provide a centralized space for volunteers, media, and the community to prepare and organize the debate.

The project was quickly accepted to Project Galileo and we worked with Paul Chenoweth, Web Programming Service Manager for Belmont University to tackle concerns over server capacity, visitor traffic, site security, and analytics. Chenoweth explains, “We faced a number of web site challenges in 2008 when the university hosted the Town Hall Presidential Debate and with a totally new set of conditions in 2020, we did not know what to expect. We were worried about our site being taken down by malicious actors but also by unpredictable surges in traffic to the site. The Cloudflare team helped us create firewall rules, lock down our origin, and provided support during the Presidential debate.” Due to the spread of COVID-19, the debate website was the primary source of information for media registration, volunteer applications, and the event calendar for more than 40 themed virtual education events for the community. Overall, the university saw a 5x increase in traffic and blocked more than 80,000 malicious HTTP requests targeting their site.

Read stories from these organizations and Project Galileo here.

2020 U.S. Election: Cybersecurity Analysis

Under Project Galileo, we provide powerful cybersecurity tools to assist organizations such as Vote America, U.S. Vote Foundation, Decision Desk HQ, and many more working in the election space to identify and mitigate attacks targeting their web infrastructure. Along with protection from malicious DDoS attacks, our services also help with large influxes of unexpected traffic as organizations tend to see traffic spikes during voter registration deadlines. During the months leading up to elections, many of these organizations provided up to date information on the changing voting processes due to COVID-19. During the ballot count, many organizations posted election results online as state and local governments began reporting official numbers.

2020 U.S. Election: Cybersecurity Analysis

Many of the election-related organizations under Project Galileo allow you to register to vote, view the status of your voting ballot, and much more. States often hold their state and presidential primaries on different dates with the earliest primaries for 2020 held in March with 24 states and June with 23 states. When looking at cyberattacks against election organizations during the elections, the Cloudflare WAF blocked more than 10 million attacks in 2020. We can see that the WAF mitigated a majority of attacks during these two months, as many states held elections and voter registration deadlines.

2020 U.S. Election: Cybersecurity Analysis

Protecting election websites with the Athenian Project

In 2017, we launched the Athenian Project to provide our highest level of service to U.S. state and local governments running elections. This includes county board of election websites, Secretaries of State, and many smaller municipalities that register citizens to vote and publish election results. Under the Athenian Project, we protect more than 275 election entities in 30 states. In the past year, we onboarded more than 100 government election sites in preparation for the November 3rd election.

Read stories from state and local governments protected under the Athenian project here.

2020 U.S. Election: Cybersecurity Analysis

During the month leading up to elections, we had a team of engineers ready to assist state and local governments looking for help protecting their websites from cyberattacks. We onboarded Solano County in California, who engaged with our team on the best way to secure their election resources as we approached November 3rd.  The right to a free and fair election is one of the most basic civil rights we enjoy as Americans; it is a right upon which many of our foundational civil rights depend. Creating the conditions for transparent, clear, and truthful communications about the process and outcomes of elections is crucial to maintain the public trust in our electoral process, says Tim Flanagan, Chief Information Officer for Solano County. In a few hours, we onboarded the county to Cloudflare and implemented best-practices tailored for election entities that use our services under the Athenian Project. Cloudflare’s services added additional layers of security to our web presence that raised confidence in our ability to assure County’s residents that our election results were trustworthy.

Starting in November, we saw traffic to government election sites increase as many people looked for polling places or how to contact local election officials. We also saw those traffic spikes after election day, as many election websites post periodic updates as the counting of ballots ensues. We reported many of these traffic spikes in the Election Dashboard with Cloudflare Radar.

2020 U.S. Election: Cybersecurity Analysis

For cyberattacks targeting government election websites, we found a majority of attacks before election day and primarily in September with about 50 million HTTPS requests blocked by the web application firewall.

2020 U.S. Election: Cybersecurity Analysis

From November 4 to November 11, the WAF mitigated 16,304,656 malicious requests to sites under the Athenian Project. During this time, many state and local governments were counting ballots and posting election results to their websites. A majority of attacks were blocked by the managed ruleset in the WAF – a set of rules curated by Cloudflare engineers to block against common vulnerabilities – including SQLi, cross-site scripting and cross-site forgery requests. These are not sophisticated attacks that we see, but hackers looking for vulnerabilities to access or modify sensitive information. For example, file inclusion is an attack targeting web applications to upload malware to steal or modify the content of the site.

2020 U.S. Election: Cybersecurity Analysis

Protecting Political Campaigns in 2020

In January 2020, we launched Cloudflare for Campaigns, a suite of free security services to federal campaigns with our partnership with Defending Digital Campaigns. During the course of the year, we onboarded 75 campaigns ranging from House, Senate, and Presidential candidates running for election in 2020. At Cloudflare, we have a range of campaigns that use our services ranging from free up to our Enterprise level plan. Overall, we protected more than 450 candidate sites running for federal office in 2020.

In 2020, the average number of attacks on U.S. campaign websites on Cloudflare per month was about 13 million. When comparing attacks against political campaigns and government election sites, we saw more DDoS attacks rather than hackers trying to exploit website vulnerabilities. As depicted below, campaigns used Cloudflare’s layer 7 DDoS protection that automatically monitors and mitigates large DDoS attacks, alongside rate-limiting to mitigate malicious traffic. For election websites, it’s clear that hackers tried to exploit common website vulnerabilities that were blocked by the WAF and firewall rules, with the goal of gaining access to internal systems rather than make the site inaccessible like we see in DDoS attacks.

2020 U.S. Election: Cybersecurity Analysis
2020 U.S. Election: Cybersecurity Analysis

Lessons learned and how we move forward

We learned a lot from preparing for the 2020 U.S. election while engaging with those in the election space and learned to be flexible in the face of the unexpected. We learned that COVID-19 had impacted many of these groups at a disportionate rate.  For example, organizations that work in promoting online voter registration were well suited for the move to online that we found ourselves in during COVID-19. For political candidates, they had to adapt to moving campaign events and outreach to an online environment rather than the traditional campaign operations of door-knocking and large fundraising events. This move online meant that campaigns needed to pay more attention to digital risks.

We also learned as we approached the November election that the election space involves a range of players. Protecting elections requires not only working with governments to secure their websites for the unexpected, but also working with campaigns and non-profit organizations who work on election-related issues. We appreciated the fact that Cloudflare has many different projects that support a range of players working in promoting trust in the electoral process, giving us the flexibility to protect them. Many of these players need different levels of support and assistance with how to properly protect their web infrastructure from cyberattacks, and having a range of projects offering a different level of plans and support, helped us in finding the best way to protect them. We were able to provide a free set of services to a wide range of players each with separate goals but a common mission: providing authoritative information to build trust in the electoral process.

Both the awareness of the importance of election security and election security itself has improved since the 2016 election. We have seen the benefits of sharing information across many partners, organizations, and local players. To help prepare state and local governments for elections, we conducted webinars and security tunings sessions for many of these election players. In the case of state and local governments we protect under the Athenian Project, as we conducted more security training, we saw many participants recommend others in their state to ensure they were protected as well. For example, a week before the general election, the Wisconsin Election Commission sent an election security reminder with resources on how to mitigate a DDoS attack with Cloudflare to county and municipal clerks across Wisconsin.

At Cloudflare, we worked with a variety of government agencies to share threat information that we saw targeted against these participants. Days before the November 3rd election, we were invited to the last meeting conducted by the Cybersecurity and Infrastructure Security Agency to share threats data we had seen against government election websites and how they could be mitigated to more than 200 general election stakeholders, including counties across the United States.

Weeks after the election, I spoke with Stacy Mahaney, the Chief Information Officer at the Missouri Secretary of State, which is currently protected under the Athenian Project. His comment aptly summarized Cloudflare’s security practices. Security is like an onion. Every layer of security that you add protects against various layers of attack or exposure. We were able to add layers to our security defenses with Cloudflare. The more layers you add, the more difficult it is for attackers to succeed in making voters question the trust of the democratic process that we work to protect every day.”  Information security is about prevention and detection and is a continual process that involves monitoring, training, and threat analysis. By adding more layers including tools such as a web application firewall, 2FA, SSL encryption, authentication protocols, and security awareness training, it makes it more difficult for hackers to penetrate through the security layers.

Although cybersecurity experts concluded that the 2020 election was one of the safest in the history of elections, the work is not done yet. Not only will future U.S. election cycles begin again soon,  but election security is a global concern that benefits from the involvement of experienced players with appropriate expertise. The longer we engage with those working with those in the election space, the more we learn the best ways to protect their web infrastructure and internal teams. We look forward to continuing our work to protect resources in the voting process and help build trust in democratic institutions.