On Sunday, September 28, 2025, the Republic of Moldova held a parliamentary election that was described as a referendum on its geopolitical future. The election was conducted amid claims of Russian interference, both online and offline. Ensuring the security of the election infrastructure was a critical priority, not just to protect the vote count, but to guarantee the system’s resilience so that all Moldovans could access authoritative information about the election.
We were proud to support the Moldovan Central Election Commission (CEC) ahead of their September 28th election. Consistent with public reporting, cyberattacks were not the story; the focus remained on the democratic process. We want to share what we found as we provided assistance to the CEC on election day.
Elections in Moldova
The 2025 elections in Moldova were viewed by many as a defining moment for the country. Specifically, it pitted the countries’ pro-European government against an opposition seeking closer alignment with Russia. The entire election process was carried out under intense pressure from foreign interference, employing a wide range of hybrid tactics. Beyond disinformation and illegal funding, the Moldovan state faced constant digital threats and was on high alert for planned post-election violence aimed at promoting distrust in the country’s democratic institutions. For the nation, ensuring the security and integrity of the election was a priority.
Several days before the election, Cloudflare onboarded the Moldova Central Election Commission (CEC), amid concerns over increasing cyberattacks. Since 2017, through the Athenian Project, we have provided protection to over 450 state and local government election entities in the United States. We were able to provide this expertise to the CEC and in less than a week we onboarded many of their election websites and quickly deployed mitigation strategies to help prepare them for election day.
Cyber attacks to the Moldova Election Commission
Cloudflare data shows that the Moldovan Election Commission experienced significant cyber attacks during the recent elections. From September 27 to September 29, 2025, our data shows how Moldovan citizens used the Internet to follow the political process and highlights the efforts by malicious actors to disrupt key election services.
For example, on September 28, 2025, the Moldovan Central Election Commission (CEC) experienced a series of concentrated, high-volume (DDoS) attacks strategically timed throughout the day. The attack began in the morning at 09:06:00 UTC and lasted for over twelve hours and ended as the official result reporting was underway at 21:34:00 UTC. In total, we mitigated over 898 million malicious requests directed at the CEC over the twelve-hour period.
Cloudflare systems categorized this activity into 11 attack “chunks” — which is a term used to denote a multi-wave pattern indicating a sophisticated attack. These initial bursts began during peak afternoon voting hours, with one of the most intense chunks, Chunk 5, striking before the polls closed at 15:31:00 UTC and hitting the largest recorded peak of 324,333 requests per second (rps).
Malicious traffic continued after the polls officially closed (18:00 UTC), directly targeting the result reporting phase. Multiple sustained waves, including attacks that peaked at over 243,000 rps, were mitigated. Fortunately, Cloudflare’s automated defenses successfully stopped the attacks in real-time, ensuring the CEC website remained online and accessible for Moldovan citizens.
The Moldovan government confirmed the attacks, as the Information Technology and Cybersecurity Service (STISC) reported a wide-ranging campaign targeting the CEC.md platform, government cloud systems, and diaspora voting stations. STISC also confirmed that the attacks were successfully neutralized, without any impact on the availability or integrity of electoral services.
“On behalf of the Information Technology and Cybersecurity Service (STISC), the institution technically responsible for ensuring cybersecurity of the electoral process conducted by the Central Electoral Commission of the Republic of Moldova on 28 September, we would like to extend our sincere gratitude for your outstanding support. We truly appreciate the opportunity to use your advanced systems and enterprise licenses during this critical period. Despite facing numerous DDoS attacks, thanks to your effective protection, no service interruptions were experienced, and the public remained unaffected.” – STISC Team, Information Technology and Cybersecurity Service, Republic of Moldova
“Cloudflare’s support was essential for Moldova’s parliamentary elections, ensuring uninterrupted access to real-time results for citizens at home and abroad. Their resilient infrastructure allowed us to withstand heavy DDoS attacks and protect the integrity of the democratic process.” – Anatolie Golovco, Cybersecurity and Digital Transformation Expert in the Office of the Prime Minister of Moldova
Other democracy, media and civic related targets under attack
While the Central Election Commission was the primary target, it was not the only one. On September 28, 2025, Cloudflare mitigated hundreds of millions of malicious requests aimed at Moldovan election-related, civil society and news websites. The Commission’s site absorbed the largest share, peaking near 900 million requests in a single day. But it wasn’t alone: a civic participation portal, democracy related services, a relevant broadcaster, and independent news outlets also saw significant DDoS traffic. As the chart shows, these combined attacks created a surge of hostile traffic on election day, showing what seems to be a campaign against both official institutions and public information channels.
One particularly intense application-layer wave hit a democracy-related parliamentary site, peaking at over 243,000 requests per second.
These attack patterns mirrored those against the election authority, suggesting a coordinated effort to disrupt both official election processes and the public information channels voters rely on. Cloudflare’s automated protections mitigated these multi-wave attacks in real time, keeping critical information channels available throughout the electoral timeline.
Securing the democratic process
Democracies around the world are increasingly targeted by cyberattacks. Through our Impact programs, we strive to keep websites vital to democracy — like voter registration sites, election information portals, campaign websites, and news sites — secure and available. From monitoring traffic patterns to mitigating cyberattacks, Cloudflare has observed trends that show the importance of online services during elections and the increasing attacks targeting them.
In the Moldovan parliamentary elections, the pro-Western governing party won a clear majority, defeating pro-Russian groups. We are proud to have provided services to the Moldovan Central Election Commission in securing the vote, ensuring that citizens—not malicious actors—determined the country’s future. To learn more about the Athenian Project, visit: https://www.cloudflare.com/athenian/
Elections are not just a matter of casting ballots. They depend on citizens being able to register to vote and accessing information about candidates and the election process, which in turn depend on the strength and security of the Internet. Despite the risks posed by potential cyberattacks aimed to disrupt democracy, Cloudflare did not observe any significant disruptions to campaigns or local government websites from cyberattack.
Tuesday, November 5, 2024 was Election Day in the United States. It not only decided the next president and vice president but also included elections for the US Senate, House of Representatives, state governorships, and state legislatures. Results confirm that Republican Donald Trump won the presidential election.
In this blog post, we examine online attacks against election-related sites — some of which were notable but none were disruptive — and how initial election results impacted Internet traffic across the US at both national and state levels, with increases in traffic as much as 15% nationwide. We’ll also explore email phishing trends and general DNS data around news interest, the candidates, and election-related activity.
We’ve been tracking 2024 elections globally through our blog and election report on Cloudflare Radar, covering some of the more than 60 national elections around the globe this year. At Cloudflare, we support many of these efforts to ensure a secure and trustworthy election process. We worked closely with election officials, government agencies, and civil society groups across the country to ensure that groups working in the election space had the tools they needed to stay online.
In the 24 hour period from October 31 – November 1, Cloudflare automatically mitigated over 6 billion HTTP DDoS requests that targeted US election-related websites–such as state and local government election sites and political campaigns. There were no significant disruptions to the targeted websites during this time period.
The day before the election, DNS traffic to Trump/Republican and Harris/Democrat websites peaked, with daily DNS traffic rising 59% and 4% respectively.
On election day, states in the midwest saw the highest traffic growth across the US, as compared to the previous week.
Internet traffic in the US peaked after the first polling stations closed, with a 15% increase over the previous week.
DNS traffic to news, polling, and election websites also saw large traffic jumps. Polling services were up 756% near poll closures and news sites were up 325% by late evening.
How Cloudflare assists with election infrastructure
Cloudflare’s goal is to ensure that sites that enable democracy — such as voter registration sites, election information portals, campaign websites, and results reporting platforms — remain secure and accessible, especially under heavy traffic periods or cyberattacks. Through our Impact programs, we provide essential cybersecurity resources to more than 800 websites that work on election infrastructure.
Project Galileo: Launched in 2014, Project Galileo provides free Business level services to media organizations, human rights defenders and non-profit organizations around the world. We protect more than 65 Internet properties related to elections in the United States that work on a range of topics related to voting rights, promoting free and fair elections, and posting election results. These organizations include Vote America, Decision Desk HQ, US Vote Foundation, and Electionland.
Athenian Project: Launched in 2017, the Athenian Project provides state and local governments that run elections with free Enterprise level services to ensure that voters can access accurate and up-to-date information about voter registration, polling places, and election results without interruption. We currently protect 423 websites in 33 states under the project.
Cloudflare for Campaigns: Launched in 2020, in partnership with Defending Digital Campaigns, Cloudflare for Campaigns provides a package of products to address the increasing risks posed by cyberattacks on political campaigns and state parties. We currently protect more than 354 campaigns and 34 state-level political parties in the United States.
Since 2020, we’ve strengthened our partnerships with election officials, government agencies, and nonprofits to provide essential protections. Throughout 2024, we’ve collaborated with CISA (Cybersecurity and Infrastructure Security Agency) and the Joint Cyber Defense Collaborative, briefing over 300 election officials on emerging threats and conducting 50+ calls with state and local governments to review security practices. Additionally, we held webinars on cyber threats to election groups and strategies for protecting election infrastructure.
With Defending Digital Campaigns, we worked to onboard more than 90 campaigns and parties weeks before election day. As part of this, we also worked with political vendors managing campaign infrastructure to provide insight on emerging threats and how to mitigate. Under Project Galileo, we onboarded more than 60 local media and journalism sites reporting on elections to ensure they can provide timely, accurate information on voting processes, candidate platforms, and election results.
Political and election-related cyber attacks
As we’ve seen several times this year, specific DDoS (Distributed Denial of Service) attacks often target political party or candidate websites around election day. While online attacks are frequent and not always election-related, we saw recent DDoS incidents in France, the Netherlands, and the U.K. focused on political parties during election periods.
In the US, we saw a similar uptick in attacks immediately prior to the election. Cloudflare blocked cyberattacks targeting websites affiliated with both parties, attempting to take the sites offline. Although some attacks had high volumes of traffic, the targeted websites remained online.
DDoS attacks targeting US political or elections-related Internet properties in particular clearly picked up starting in September, with the more than 6 billion HTTP DDoS requests seen during the first six days of November exceeding the volume seen during all of September and October.
Some campaign websites drove most of the malicious HTTP request traffic as part of DDoS attacks, with a clear increase since October 1, compared to minimal DDoS activity earlier in 2024.
Let’s look at a few examples of specific DDoS attacks, as these are easier to track.
High-profile campaign website, October 29 – November 6
Cloudflare blocked a series of DDoS attacks targeting a high-profile campaign website. The attacks began on October 29, with a four-minute spike reaching 345,000 requests per second. On October 31, more intense attacks followed, with the first lasting over an hour, peaking at 213,000 requests per second. Hours later, on November 1, a larger attack reached 700,000 requests per second, followed by two more waves at 311,000 and 205,000 requests per second.
Over 16 hours, Cloudflare blocked more than 6 billion malicious HTTP requests between October 31 and November 1. Additional attacks continued on November 3, with peaks at 200,000 requests per second (rps); on November 4, at 352,000; on Election Day, November 5, at 271,000 around 14:33 ET (11:33 PT); and on November 6, at 108,000.
Our data shows that the attacker(s) randomized user agents, attempted cache-busting techniques (methods to bypass cached content and overload servers with unique requests), and employed a geodiverse approach.
The DDoS attack on November 1 reached peak bandwidth of over 16 Gbps sent to Cloudflare and maintained over 8 Gbps throughout the main attack, which lasted more than two hours.
US campaign infrastructure website, November 3
Attackers also expanded their attacks beyond campaign sites, to political parties and their infrastructure, attempting — unsuccessfully — to disrupt services. For example, on November 3, 2024, a DDoS attack targeted infrastructure associated with a major campaign, lasting two minutes and reaching 260,000 malicious HTTP requests per second.
US state political party, October 29
On October 29, 2024, a high-volume DDoS attack targeted a U.S. political party website from a specific state. The attack lasted over four hours, from 12:00 to 17:29 ET (09:00 to 14:29 PT), and peaked at 206,000 requests per second. In total, over 2 billion malicious HTTP requests were blocked that day as part of this DDoS attack.
The same method used in the November 1 attack on one of the main campaign websites, mentioned above, was also used in this case. Here, the DDoS attack reached a peak of 5.7 Gbps sent to Cloudflare by the attacker, and sustained over 3 Gbps for most of its four-and-a-half-hour duration.
US counties as a target, September 13
Since September, US state and local websites protected by Cloudflare under the Athenian Project have experienced increased DDoS attacks, particularly targeting specific counties. These types of sites have seen over 290 million malicious HTTP requests since September 1, with 4% of all requests blocked as threats. These attacks were less frequent and intense than those on US political campaigns infrastructure.
On September 13, 2024, a DDoS attack targeted a county website from 19:29 UTC to 22:32 UTC (15:29 to 18:32 ET), lasting three hours and peaking at 46,000 of malicious HTTP requests per second.
These rates of DDoS attacks are already significant, even more so when we compare it with the 2020 US presidential election. In 2020, we saw more varied blocked cyberattack HTTP requests, split between WAF (Web Application Firewall) and firewall rules, and DDoS attacks. There were also significantly fewer blocked requests related to DDoS and WAF, with nearly 100 million in the whole month of October 2020 and close to 25 million in November 2020, the month of the election. In contrast, during November 1-6, 2024, alone, we observed over 6 billion malicious HTTP requests in DDoS attacks targeting campaigns.
It’s also important to note that even smaller attacks can be devastating for websites not well-protected against such high levels of traffic. DDoS attacks not only overwhelm systems but also serve, if successful, as a distraction for IT teams while attackers attempt other types of breaches.
Internet traffic in the US grows after polls closed
Generally, election days do not lead to drastic changes in Internet traffic. Traffic usually slightly dips during voting hours, though not as sharply as on national holidays, and rises in the evening as results are announced.
In the US, a similar pattern was observed on November 5, 2024, with increased Internet traffic at night. However, traffic throughout the day was generally 6% higher than the previous week, starting as early as 09:15 ET (06:15 PT). This may also be because, unlike in other countries, Election Day in the US is on a weekday rather than a weekend and is not a national holiday. Internet traffic peaked after the first polls closed, around 21:15 ET (18:15 PT), as TV news stations displayed countdown clocks. At that moment, traffic was 15% higher than the previous week.
Note: The previous 7 days line that appears in the next chart is one hour behind due to the Daylight Saving Time change over the weekend in the US. All growth calculations in this post take that change into account.
The biggest spike in traffic growth (compared to the previous week) of Election Day occurred at around 01:30 am ET (22:30 PT), when projections began to favor Trump for the presidential victory and Fox News called Pennsylvania in his favor, with traffic rising 32% compared to the previous week. Later, during Donald Trump’s speech between 02:30 and 02:45 am ET (23:30 and 23:45 PT), Internet traffic was 31% higher than the previous week.
On Election Day, daily Internet traffic in the US reached its highest level of 2024 in terms of requests, showing a 6% increase compared to the previous week.
As expected for a typical election day, considering what we observed in other countries, the share of traffic from mobile devices was also slightly higher on Election Day at 43%, compared to 42% the previous week.
State-level traffic growth peaks at 21:00 ET (18:00 PT)
State-level traffic shifts on Election Day, compared to the previous week, reveal more detail than country-level data. The map below highlights the biggest traffic changes, peaking at 21:00 ET (18:00 PT) after polling stations began to close. Notably, traffic increased nationwide and at the state level on Election Day, unlike during the two-hour presidential debates, which were broadcast on nationwide TV.
The most significant traffic increases were observed in Maine (44%), South Dakota (44%), and Montana (44%). Interestingly, central states saw higher percentages of Internet traffic growth than coastal ones. More populous states, such as California (8%), Texas (19%), New York (22%), and Florida (23%), also experienced notable traffic increases.
The seven swing states that are considered to have been decisive in the election — Georgia, Michigan, Nevada, North Carolina, Pennsylvania, and Wisconsin (we’re not considering Arizona due to data issues) — each saw traffic growth between 17% and 36%. Here’s a more focused view of those swing states for easier consumption:
State
Growth in traffic
Local time
(in each state)
Georgia
25%
21:15
Michigan
34%
21:15
Nevada
17%
18:15
North Carolina
14%
21:15
Pennsylvania
33%
21:15
Wisconsin
36%
20:15
DNS trends: from news outlets to polling services
Switching our focus to domain trends, our 1.1.1.1 resolver DNS data reveals a clear impact during the US elections when analyzing specific categories.
Analysis of DNS traffic for US news media outlets shows that traffic from the United States rose significantly right after 09:00 ET (06:00 PT), increasing around 15%, compared to the previous week. Traffic continued to climb throughout the day, peaking between 22:00 and 23:00 ET (19:00 and 20:00 PT) with DNS request traffic volume 325% higher than the previous week. There was also a brief spike on Wednesday, November 6, at 05:00 ET (02:00 PT), showing a 117% increase.
We observed significantly higher DNS traffic for polling services websites — websites of platforms or organizations that conduct and publish polls — on Election Day, peaking at 13:00 ET (10:00 PT) with a 206% increase from the previous week, and again at 22:00 ET (19:00 PT), after the polls started to close, with a 756% increase. Daily traffic to this category was up 145% on Election Day, and 36% the day prior.
Election and voting information-related websites also saw a notable rise in DNS traffic around Election Day. Traffic clearly began to increase the day before the election, and peaked on November 5, 2024, at 12:00 ET (09:00 PT), with a 313% increase from the previous week. Daily traffic was 139% higher on Election Day, and 68% higher the day before.
Social media sites/applications, especially microblogging platforms like X and Threads, were also impacted during Election Day. DNS traffic for these microblogging platforms peaked at 22:00 ET (19:00 PT), aligning with spikes for news organizations and polling services, showing a 91% increase compared to the previous week. In this microblogging category, daily DNS traffic on Election Day rose by 12% from the previous week.
Regarding the two main presidential candidates, DNS traffic for their websites and their parties’ websites was much higher the day before the election than on Election Day. On November 4, 2024, daily DNS traffic to Trump and Republican websites was up 59% compared to the previous week, while traffic to Harris and Democrat websites, which had a more significant increase in DNS traffic the previous week, rose by 4%.
Candidate-related email phishing trends
From a cybersecurity perspective, trending events, topics, and individuals often attract more emails, including malicious, phishing, and spam messages. Our earlier analysis covered email trends involving “Joe Biden” and “Donald Trump” since January. We’ve since updated it to include Kamala Harris after the Democratic Convention and the Harris-Trump debate.
From June 1 through November 4, 2024, Cloudflare’s Cloud Email Security service processed over 19 million emails with “Donald Trump” or “Kamala Harris” in the subject line — 13.9 million for Trump and 5.3 million for Harris. Nearly half of these emails (49%) were sent since September. In the last 10 days of the campaign (since October 24), Harris was named in 800,000 email subject lines and Trump in 1.3 million.
Since June 1, 12% of emails mentioning Trump were marked as spam, and 1.3% were flagged as malicious or phishing. This rate has dropped since September 1, with only 3% marked as spam and 0.3% as malicious. For emails mentioning Harris, the rates were lower: 0.6% were marked as spam and 0.2% as malicious since June, increasing slightly to 1.2% spam and 0.2% malicious since September 1. Trump was mentioned more frequently in email subjects than Harris and was found in higher overall percentages of spam and malicious emails.
Conclusion: keeping track of elections
Although Cloudflare observed a notable increase in DDoS attacks on political and election-related sites, blocking billions of malicious requests, these attacks resulted in no significant disruption due to planning and proactive defenses. We share the Cybersecurity and Infrastructure Security Agency’s view that “our election infrastructure has never been more secure” and concur with their conclusion that “We have no evidence of any malicious activity that had a material impact on the security or integrity of our election infrastructure.” Keeping our elections secure and resilient is critical to the functioning of democracy, and Cloudflare is proud to have played our part.
If you want to follow more trends and insights about the Internet and elections in particular, you can check Cloudflare Radar, and more specifically our new 2024 Elections Insights report, which will be updated as elections take place throughout the year.
The modern use of “cloud” arguably traces its origins to the cloud icon, omnipresent in network diagrams for decades. A cloud was used to represent the vast and intricate infrastructure components required to deliver network or Internet services without going into depth about the underlying complexities. At Cloudflare, we embody this principle by providing critical infrastructure solutions in a user-friendly and easy-to-use way. Our logo, featuring the cloud symbol, reflects our commitment to simplifying the complexities of Internet infrastructure for all our users.
This blog post provides an update about our infrastructure, focusing on our global backbone in 2024, and highlights its benefits for our customers, our competitive edge in the market, and the impact on our mission of helping build a better Internet. Since the time of our last backbone-related blog post in 2021, we have increased our backbone capacity (Tbps) by more than 500%, unlocking new use cases, as well as reliability and performance benefits for all our customers.
A snapshot of Cloudflare’s infrastructure
As of July 2024, Cloudflare has data centers in 330 cities across more than 120 countries, each running Cloudflare equipment and services. The goal of delivering Cloudflare products and services everywhere remains consistent, although these data centers vary in the number of servers and amount of computational power.
These data centers are strategically positioned around the world to ensure our presence in all major regions and to help our customers comply with local regulations. It is a programmable smart network, where your traffic goes to the best data center possible to be processed. This programmability allows us to keep sensitive data regional, with our Data Localization Suite solutions, and within the constraints that our customers impose. Connecting these sites, exchanging data with customers, public clouds, partners, and the broader Internet, is the role of our network, which is managed by our infrastructure engineering and network strategy teams. This network forms the foundation that makes our products lightning fast, ensuring our global reliability, security for every customer request, and helping customers comply with data sovereignty requirements.
Traffic exchange methods
The Internet is an interconnection of different networks and separate autonomous systems that operate by exchanging data with each other. There are multiple ways to exchange data, but for simplicity, we’ll focus on two key methods on how these networks communicate: Peering and IP Transit. To better understand the benefits of our global backbone, it helps to understand these basic connectivity solutions we use in our network.
Peering: The voluntary interconnection of administratively separate Internet networks that allows for traffic exchange between users of each network is known as “peering”. Cloudflare is one of the most peered networks globally. We have peering agreements with ISPs and other networks in 330 cities and across all major Internet Exchanges (IX’s). Interested parties can register to peer with us anytime, or directly connect to our network with a link through a private network interconnect (PNI).
IP transit: A paid service that allows traffic to cross or “transit” somebody else’s network, typically connecting a smaller Internet service provider (ISP) to the larger Internet. Think of it as paying a toll to access a private highway with your car.
The backbone is a dedicated high-capacity optical fiber network that moves traffic between Cloudflare’s global data centers, where we interconnect with other networks using these above-mentioned traffic exchange methods. It enables data transfers that are more reliable than over the public Internet. For the connectivity within a city and long distance connections we manage our own dark fiber or lease wavelengths using Dense Wavelength Division Multiplexing (DWDM). DWDM is a fiber optic technology that enhances network capacity by transmitting multiple data streams simultaneously on different wavelengths of light within the same fiber. It’s like having a highway with multiple lanes, so that more cars can drive on the same highway. We buy and lease these services from our global carrier partners all around the world.
Backbone operations and benefits
Operating a global backbone is challenging, which is why many competitors don’t do it. We take this challenge for two key reasons: traffic routing control and cost-effectiveness.
With IP transit, we rely on our transit partners to carry traffic from Cloudflare to the ultimate destination network, introducing unnecessary third-party reliance. In contrast, our backbone gives us full control over routing of both internal and external traffic, allowing us to manage it more effectively. This control is crucial because it lets us optimize traffic routes, usually resulting in the lowest latency paths, as previously mentioned. Furthermore, the cost of serving large traffic volumes through the backbone is, on average, more cost-effective than IP transit. This is why we are doubling down on backbone capacity in regions such as Frankfurt, London, Amsterdam, and Paris and Marseille, where we see continuous traffic growth and where connectivity solutions are widely available and competitively priced.
Our backbone serves both internal and external traffic. Internal traffic includes customer traffic using our security or performance products and traffic from Cloudflare’s internal systems that shift data between our data centers. Tiered caching, for example, optimizes our caching delivery by dividing our data centers into a hierarchy of lower tiers and upper tiers. If lower-tier data centers don’t have the content, they request it from the upper tiers. If the upper tiers don’t have it either, they then request it from the origin server. This process reduces origin server requests and improves cache efficiency. Using our backbone to transport the cached content between lower and upper-tier data centers and the origin is often the most cost-effective method, considering the scale of our network. Magic Transit is another example where we attract traffic, by means of BGP anycast, to the Cloudflare data center closest to the end user and implement our DDoS solution. Our backbone transports the clean traffic to our customer’s data center, which they connect through a Cloudflare Network Interconnect (CNI).
External traffic that we carry on our backbone can be traffic from other origin providers like AWS, Oracle, Alibaba, Google Cloud Platform, or Azure, to name a few. The origin responses from these cloud providers are transported through peering points and our backbone to the Cloudflare data center closest to our customer. By leveraging our backbone we have more control over how we backhaul this traffic throughout our network, which results in more reliability and better performance and less dependency on the public Internet.
This interconnection between public clouds, offices, and the Internet with a controlled layer of performance, security, programmability, and visibility running on our global backbone is our Connectivity Cloud.
This map is a simplification of our current backbone network and does not show all paths
Expanding our network
As mentioned in the introduction, we have increased our backbone capacity (Tbps) by more than 500% since 2021. With the addition of sub-sea cable capacity to Africa, we achieved a big milestone in 2023 by completing our global backbone ring. It now reaches six continents through terrestrial fiber and subsea cables.
Building out our backbone within regions where Internet infrastructure is less developed compared to markets like Central Europe or the US has been a key strategy for our latest network expansions. We have a shared goal with regional ISP partners to keep our data flow localized and as close as possible to the end user. Traffic often takes inefficient routes outside the region due to the lack of sufficient local peering and regional infrastructure. This phenomenon, known as traffic tromboning, occurs when data is routed through more cost-effective international routes and existing peering agreements.
Our regional backbone investments in countries like India or Turkey aim to reduce the need for such inefficient routing. With our own in-region backbone, traffic can be directly routed between in-country Cloudflare data centers, such as from Mumbai to New Delhi to Chennai, reducing latency, increasing reliability, and helping us to provide the same level of service quality as in more developed markets. We can control that data stays local, supporting our Data Localization Suite (DLS), which helps businesses comply with regional data privacy laws by controlling where their data is stored and processed.
Improved latency and performance
This strategic expansion has not only extended our global reach but has also significantly improved our overall latency. One illustration of this is that since the deployment of our backbone between Lisbon and Johannesburg, we have seen a major performance improvement for users in Johannesburg. Customers benefiting from this improved latency can be, for example, a financial institution running their APIs through us for real-time trading, where milliseconds can impact trades, or our Magic WAN users, where we facilitate site-to-site connectivity between their branch offices.
The table above shows an example where we measured the round-trip time (RTT) for an uncached origin fetch, from an end-user in Johannesburg to various origin locations, comparing our backbone and the public Internet. By carrying the origin request over our backbone, as opposed to IP transit or peering, local users in Johannesburg get their content up to 22% faster. By using our own backbone to long-haul the traffic to its final destination, we are in complete control of the path and performance. This improvement in latency varies by location, but consistently demonstrates the superiority of our backbone infrastructure in delivering high performance connectivity.
Traffic control
Consider a navigation system using 1) GPS to identify the route and 2) a highway toll pass that is valid until your final destination and allows you to drive straight through toll stations without stopping. Our backbone works quite similarly.
Our global backbone is built upon two key pillars. The first is BGP (Border Gateway Protocol), the routing protocol for the Internet, and the second is Segment Routing MPLS (Multiprotocol label switching), a technique for steering traffic across predefined forwarding paths in an IP network. By default, Segment Routing provides end-to-end encapsulation from ingress to egress routers where the intermediate nodes execute no route lookup. Instead, they forward traffic across an end-to-end virtual circuit, or tunnel, called a label-switched path. Once traffic is put on a label-switched path, it cannot detour onto the public Internet and must continue on the predetermined route across Cloudflare’s backbone. This is nothing new, as many networks will even run a “BGP Free Core” where all the route intelligence is carried at the edge of the network, and intermediate nodes only participate in forwarding from ingress to egress.
While leveraging Segment Routing Traffic Engineering (SR-TE) in our backbone, we can automatically select paths between our data centers that are optimized for latency and performance. Sometimes the “shortest path” in terms of routing protocol cost is not the lowest latency or highest performance path.
Supercharged: Argo and the global backbone
Argo Smart Routing is a service that uses Cloudflare’s portfolio of backbone, transit, and peering connectivity to find the most optimal path between the data center where a user’s request lands and your back-end origin server. Argo may forward a request from one Cloudflare data center to another on the way to an origin if the performance would improve by doing so. Orpheus is the counterpart to Argo, and routes around degraded paths for all customer origin requests free of charge. Orpheus is able to analyze network conditions in real-time and actively avoid reachability failures. Customers with Argo enabled get optimal performance for requests from Cloudflare data centers to their origins, while Orpheus provides error self-healing for all customers universally. By mixing our global backbone using Segment Routing as an underlay with Argo Smart Routing and Orpheus as our connectivity overlay, we are able to transport critical customer traffic along the most optimized paths that we have available.
So how exactly does our global backbone fit together with Argo Smart Routing? Argo Transit Selection is an extension of Argo Smart Routing where the lowest latency path between Cloudflare data center hops is explicitly selected and used to forward customer origin requests. The lowest latency path will often be our global backbone, as it is a more dedicated and private means of connectivity, as opposed to third-party transit networks.
Consider a multinational Dutch pharmaceutical company that relies on Cloudflare’s network and services with our SASE solution to connect their global offices, research centers, and remote employees. Their Asian branch offices depend on Cloudflare’s security solutions and network to provide secure access to important data from their central data centers back to their offices in Asia. In case of a cable cut between regions, our network would automatically look for the best alternative route between them so that business impact is limited.
Argo measures every potential combination of the different provider paths, including our own backbone, as an option for reaching origins with smart routing. Because of our vast interconnection with so many networks, and our global private backbone, Argo is able to identify the most performant network path for requests. The backbone is consistently one of the lowest latency paths for Argo to choose from.
In addition to high performance, we care greatly about network reliability for our customers. This means we need to be as resilient as possible from fiber cuts and third-party transit provider issues. During a disruption of the AAE-1 (Asia Africa Europe-1) submarine cable, this is what Argo saw between Singapore and Amsterdam across some of our transit provider paths vs. the backbone.
The large (purple line) spike shows a latency increase on one of our third-party IP transit provider paths due to congestion, which was eventually resolved following likely traffic engineering within the provider’s network. We saw a smaller latency increase (yellow line) over other transit networks, but still one that is noticeable. The bottom (green) line on the graph is our backbone, where round-trip time more or less remains flat throughout the event, due to our diverse backbone connectivity between Asia and Europe. Throughout the fiber cut, we remained stable at around 200ms between Amsterdam and Singapore. There was no noticeable network hiccup as was seen on the transit provider paths, so Argo actively leveraged the backbone for optimal performance.
Call to action
As Argo improves performance in our network, Cloudflare Network Interconnects (CNIs) optimize getting onto it. We encourage our Enterprise customers to use our free CNI’s as on-ramps onto our network whenever practical. In this way, you can fully leverage our network, including our robust backbone, and increase overall performance for every product within your Cloudflare Connectivity Cloud. In the end, our global network is our main product and our backbone plays a critical role in it. This way we continue to help build a better Internet, by improving our services for everybody, everywhere.
If you want to be part of our mission, join us as a Cloudflare network on-ramp partner to offer secure and reliable connectivity to your customers by integrating directly with us. Learn more about our on-ramp partnerships and how they can benefit your business here.
Between June 6-9 2024, hundreds of millions of European Union (EU) citizens will be voting to elect their members of the European Parliament (MEPs). The European elections, held every five years, are one of the biggest democratic exercises in the world. Voters in each of the 27 EU countries will elect a different number of MEPs according to population size and based on a proportional system, and the 720 newly elected MEPs will take their seats in July. All EU member states have different election processes, institutions, and methods, and the security risks are significant, both in terms of cyber attacks but also with regard to influencing voters through disinformation. This makes the task of securing the European elections a particularly complex one, which requires collaboration between many different institutions and stakeholders, including the private sector. Cloudflare is well positioned to support governments and political campaigns in managing large-scale cyber attacks. We have also helped election entities around the world by providing tools and expertise to protect them from attack. Moreover, through the Athenian Project, Cloudflare works with state and local governments in the United States, as well as governments around the world through international nonprofit partners, to provide Cloudflare’s highest level of protection for free to ensure that constituents have access to reliable election information.
Election security in 2024: dealing with new and upcoming threats
Ensuring a free, fair, and open electoral process and securing candidate campaigns is understandably a top priority for the EU institutions, as well as for national governments and cybersecurity agencies across the EU. European authorities have already taken a number of measures to ensure the elections are well-protected. Efforts to coordinate election security measures amongst the EU countries are led by the NIS Cooperation Group, with the support of the EU Agency for Cybersecurity (ENISA), the European Commission, and the European External Action Service (the EU’s foreign service).
The NIS Cooperation Group recently issued an updated Compendium on safeguarding the elections amidst cybersecurity challenges, noting that “since the last EU elections in 2019, the elections threat landscape has evolved significantly”. Governments note in particular the impact of Artificial Intelligence (AI), including deep fakes, but also the increased sophistication of threat actors and the trend of “hacktivists-for-hire” as new risks that need to be taken into account. European institutions also highlight today’s geopolitical context, with conflicts in Ukraine and the Middle East impacting cyber threats and foreign influence campaigns in Europe.The European External Action Service analyzed cases of FIMI (Foreign Information Manipulation and Interference) during recent national elections in Spain and Poland, and put together suggested plans for governments on how to respond to the various stages of those FIMI campaigns originating from foreign (e.g. non-EU) actors. EU High Representative for Foreign Affairs Josep Borrell said in a recent blog post that protecting the election process and more broadly European public debate from malign foreign actors “is a security challenge, which we need to tackle seriously”.
Some national governments have also warned against the risks of so-called hybrid threats, whereby foreign governments deploy various methods to exert influence on other states, including disinformation campaigns, cyberattacks and espionage. Germany’s Federal Ministry of the Interior notes that “elections are often a catalyst for increased levels of illegitimate activity by foreign governments, because stoking fear and spreading hate can contribute to the polarization of society, influencing voting habits. (…) We must make a determined effort to counter these threats.”
EU readiness for election season
As part of national and EU-level coordination amongst governments and agencies to prepare to mitigate threats and risks to the European elections, ENISA supports national governments’ measures to ensure the elections will be secure, including by organizing a cybersecurity exercise to test the various crisis plans and responses to potential attacks by national and EU level agencies and governments. ENISA has also put together a checklist for authorities in order to raise awareness on specific risks and threats to the election process.
The European Union has also prepared for other phenomena endangering the security and integrity of the election process, including the spread of disinformation via online platforms. For example, the European Commission recently issued strict guidelines for “Very Large Online Platforms” (VLOPs) and “Very Large Search Engines” (VLOSEs) under the EU Digital Services Act on measures to mitigate systemic risks online that may impact the integrity of elections. These large companies will be required to have dedicated staff to monitor for disinformation threats in the 23 official EU languages across the 27 member states, collaborating closely with European cybersecurity authorities. In addition, in line with upcoming EU legislation on transparency of political advertising, political ads on large social media platforms should be clearly labeled as such.
In its 11th EU Threat Landscape report, published in 2023, ENISA also warned about the risks associated with the rise of AI-enabled information manipulation, including the disruptive impacts of AI chatbots. The European Commission, in its efforts to fight the proliferation of deep fakes and sophisticated voter manipulation tactics through advanced generative AI systems, recently launched inquiries into major AI developers and promoted industry pledges in the context of the EU AI Pact.
The view from Cloudflare: increases in cyber attacks around elections
It is likely that the EU is going to see a trend similar to many other jurisdictions where there have been increases in cyber threats targeting election entities. In the period between November 2022 and August 2023, Cloudflare mitigated 213.78 million threats to government election websites in the United States. That amounts to 703,223 threats mitigated per day on average. There is indeed already evidence that European institutions are subject to increasing attacks.
In November 2023, the European Parliament website was subject to a large cyber attack. And in March 2024, French government websites faced attacks of “unprecedented intensity,” according to a spokesperson. A few days before the attacks, on February 25, 2024, Cloudflare blocked a significant DDoS attack on a French government website. It reached as much as 420 million requests per hour and lasted for over three hours.
The UK government warned last year that there were “sustained” cyberattacks against civil society organizations, journalists and public sector groups, as well as phishing attempts directed at British politicians. Most recently, the IT infrastructure of German political party CDU was hit by a “serious cyberattack” according to the German Interior Ministry.
We have also seen that the magnitude of cyber attacks overall is growing every year. As outlined in Cloudflare’s latest DDoS threat report, published in Q1 2024, Cloudflare’s defense systems automatically mitigated 4.5 million DDoS attacks during that first quarter, representing a 50% year-over-year (YoY) increase. EU governments noted in their 2024 Compendium on safeguarding the elections that DDoS attacks “can still be very effective in undermining the public’s trust in the electoral process, especially if affecting its most critical and visible phases – that is the transmission, aggregation and display of voting results”.
However, it is not only an increase in the size of attacks on websites that is keeping election officials up at night. There are often multiple attack vectors that need to be taken into account, and ensuring election processes and public institutions remain secure is a very complicated task. For example, in the three months leading up to the 2022 U.S. midterm elections, Cloudflare prevented around 150,000 phishing emails targeting campaign officials. ENISA’s latest EU Threat Landscape report, when discussing phishing campaigns, pointed to the risks of AI applied to social engineering (e.g. used for crafting more convincing phishing messages), which can make phishing less costly, easier to scale-up, and more effective. These developments all show how securing voter registration systems, ensuring the integrity of election-related information, and planning effective incident response are necessary as online threats grow more and more sophisticated.
Securing the democratic process in the digital age requires partnerships between governments, civil society, and the private sector. Cloudflare has helped election entities around the world by providing tools and expertise to protect themselves from cyberattack. For example, in 2020, we partnered with the International Foundation for Electoral Systems to provide Enterprise-level services to six election management bodies, including the Central Election Commission of Kosovo, State Election Commission of North Macedonia, and many local election bodies in Canada.
Impact on Internet traffic
Cloudflare’s global network, which spans more than 120 countries and protects around 20% of all websites, allows us a unique view of the trends and patterns seen in Internet traffic. Some of those trends, including traffic, connection quality, and Internet outages, can be seen in our Internet insights platform, Cloudflare Radar.
Several of these trends are especially important to watch during election season. Upon deeper analysis, we observed spikes in traffic to websites related to elections, and to news websites, during this time. From data obtained in 2023 through an analysis of US state and local government websites protected under the Athenian Project, as well as US nonprofit organizations that work in voting rights and promoting democracy under Project Galileo, and political campaigns and parties under Cloudflare for Campaigns, Cloudflare observed an increase in traffic to US election and non-profit websites during the run-up to elections, and then a significant spike on election day as seen in the graphs below.
DNS traffic to election domains observed through Cloudflare’s 1.1.1.1 resolver in April 2022, during the first round of the French Presidential elections
Coordinated efforts are key
The protection of election entities and related organizations and institutions is a huge and complex task. As noted, this requires partnerships and collaboration between different actors, both public and private, with specific expertise. The work done by EU governments and agencies to prepare, be ready and collaborate on election security precautions as outlined above is both welcome and necessary in order to ensure free, fair and above all secure elections. This can only ever be a coordinated effort, with both governments and industry working together to ensure a robust response to any threats to the democratic process. For its part, Cloudflare is protecting a number of governmental and political campaign websites across the EU.
We want to ensure that all groups working to promote democracy around the world have the tools they need to stay secure online. If you work in the election space and need our help, please get in touch. If you are an organization looking for protection under Project Galileo, please visit our website at cloudflare.com/galileo.
More information about the European Union elections can be found here. And if you are based in the EU, do not forget to vote!
Election security encompasses a wide variety of measures, including the protection of voting machines, election office networks, voter registration databases, and other systems that manage the electoral process. At Cloudflare, we have reported on threats to state and local governments under the Athenian Project, how we prepare political campaigns and state parties under Cloudflare for Campaigns for election season, and our work with organizations that report on election results and voting rights groups under Project Galileo.
Since the 2022 US midterm elections, we have been thinking about how we help state and local governments deflect larger cyber threats that target the election community and have been analyzing the biggest problems they are facing. In October 2022, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, said, “The current election threat environment is more complex than it has ever been.” Amid threats, intimidation toward election workers, and cyber attacks against election infrastructure and operations, preparing for elections is no easy task.
At Cloudflare, our mission is to help build a better Internet. The Internet plays a key role in promoting democracy and ensuring constituents’ access to information. With this, we are excited to share that we have grown our offering under the Athenian Project to include Cloudflare’s Area 1 email security suite to help state and local governments protect against a broad spectrum of phishing attacks to keep voter data safe and secure.
Our work in protecting elections
To understand why we have expanded our product set, we need to look back on how our services have helped state and local governments during election time. Under the Athenian Project, we have provided our highest level of Cloudflare services—the Enterprise plan—for free to state and governments that run elections. The idea originally was that, just like every other Internet property, election websites need to be fast, they need to be reliable, and they need to be secure. Yet, scarce budgets too often prevent governments from getting the right resources to prevent attacks and stay online.
With this, we launched the Athenian Project in 2017. It includes many of our core web services, such as DDoS protection, Web Application Firewall, SSL encryption, and more security features that focus on web applications. We have been able to provide these services to local governments in 31 states and currently protect 359 election entities in the United States.
We have expanded our product set at Cloudflare with Workers, Pages, Zero Trust, and network security solutions. With this, we wanted to understand how we can better support the election community that we work with every day on the Athenian Project.
We knew we could provide more
Internally, we brainstormed on the most pressing issues that face the election community and overall Internet ecosystem. We also asked new and existing Athenian participants on the largest pain points they have when it comes to securing their internal networks and applications. We received a range of answers, from fears of a DDoS attack on election night, to zero-day exploits, on-path attacks, and malware attacks. Many of the same themes came up, especially for small counties that run elections with a huge fear of phishing and ransomware attacks.
Despite email’s importance as a communication method, many types of email security still are not built into email by default. As a result, email is a major attack vector for organizations large and small, and for individual people as well. We have seen firsthand phishing attempts that take advantage of human psychology to encourage quick —and unfortunate— decision-making. Once an attacker has infiltrated a network, they can easily move laterally undetected and impact a wide range of sensitive internal systems.
That is why email security plays a critical role in preemptive defenses against ransomware attacks. Since many of these attacks start with a malicious or phishing email, effective email security can act as a frontline defense against ransomware, and stop these attacks before they reach inboxes. Due to the ease with which threats can be blocked before they reach an election official’s inbox, we were excited to work with those in the election space to find the best way to make these products available.
Typically, when we offer new security products under our Impact projects, we collaborate with external stakeholders. One example is the civil society groups that we partner with under Project Galileo; many of them work in the election community and at government agencies, such as CISA’s Joint Cyber Defense Collaborative (JCDC). These partnerships help us understand how to provide these security tools in a responsible and sustainable way.
How one North Carolina county uses Area 1 email security
Months before the 2022 US midterm elections, we reached out to a few state and local governments that currently use Zero Trust products, such as Access and Gateway, to discuss email security.
One of our Athenian participants that was eager to work with us on this expansion was Rowan County, North Carolina. For Randy Cress, CIO for Rowan County, election season means all hands on deck for IT staff in order to secure their .gov site that provides accurate, secure information to voters.
In 2020, Rowan County reported that Cloudflare helped them tackle a 400% increase in traffic on a limited budget which allowed them to refocus resources on other county initiatives. When it comes to phishing attacks, Randy wanted to shield county employees from phishing attacks and block malicious threats automatically.
“Prior to Area 1 Security, we were using Office 365 email protection with limited insight for the specifics for messages that were quarantined. While cloud services from Microsoft are continually evolving, we were looking to reduce complexity to support security functions within our environment, allowing us to continue implementing new layers of defense.”
Deploying Area 1 gave the county the ability to preemptively discover and eliminate phishing attacks before they inflict damage in their environment. Randy added, “Our team was able to fully onboard prior to the official onboarding call in less than 30 minutes with Cloudflare. We were able to focus on features and specifics of the product offering in lieu of time spent in configuration mode and troubleshooting. Since we are using Cloudflare for DNS and DDoS protection, the changes were extremely easy and there were no interruptions to our mail delivery process.”
For the 2022 US midterm elections, Randy reported, “Leading up to the elections, reports within our Area 1 dashboard indicated 2x as many inbound malicious emails from the same time period in October 2022. We saw credential harvesting as the top threat, and we are easily able to see which users are targeted for email compromise. With Area 1 Security under the Athenian Project, we were able to add additional layers of security to our organization, as it allowed us to preemptively defend against malicious messages before an employee can click on a malicious link. This gives us comfort knowing that Cloudflare is our first line of defense, so we can focus on providing a secure voting process for the constituents of Rowan County.”
Area 1 and the Athenian Project
Cloudflare Area 1 email security is a cloud-native service that stops phishing attacks and can be used with Enterprise accounts under the Athenian Project. If you are a state or local government that is interested in learning more about the Athenian Project, please apply on our website: https://www.cloudflare.com/athenian/.
The organizations served by Projects Galileo and Athenian face the same security challenges as some of the world’s largest companies, but lack the budget to protect themselves. Sophisticated phishing campaigns attempt to compromise user credentials. Bad actors find ways to disrupt connectivity to critical resources. However, the tools to defend against these threats have historically only been available to the largest enterprises.
We’re excited to help fix that. Starting today, we are making the Cloudflare One Zero Trust suite available to teams that qualify for Project Galileo or Athenian at no cost. Cloudflare One includes the same Zero Trust security and connectivity solutions used by over 10,000 customers today to connect their users and safeguard their data.
Same problem, different missions
Athenian Project candidates work to safeguard elections in the United States. Project Galileo applicants launched their causes to support journalists, encourage artistic expression, or protect persecuted groups. They each set out to fix difficult and painful problems. None of the applications to our programs wrote their mission statement to deal with phishing attacks or internal data loss.
However, security problems plague these teams. Instead of being able to focus on their unique mission, these groups spend money, time, and energy attempting to defend from attacks. The headaches range from expensive distractions to outright breaches. Even the mundane work to connect employees to important tools continues to be a headache. Every chore or incident takes away from the ability of these organizations to advance their cause.
We built Cloudflare One to solve the common security problems that can derail any team. Our mission is to help build a better Internet and, in doing so, we create tools that allow the groups served by the Athenian Project and Project Galileo spend as much of their day solving their own unique challenges.
The products we are making available today provide security against a broad, and growing, range of attacks that target how a team works together on the Internet. Project Galileo and Athenian candidates can choose to start in any place depending on their existing security challenges. If you need a guide on where to get started, we’ve broken down three common first steps that we recommend.
1) Stop phishing attacks
Many phishing attacks start with a malicious link buried in a single email from a sender that seems trustworthy. A user in your organization clicks on that link, believing it to be from a teammate or manager, and lands on a website that looks almost identical to your identity provider or one of the web applications they use every day. They input their username and password, sending their credentials directly to the attacker.
Cloudflare One’s email security, our Area 1 product, is our first line of phishing defense. Area 1 scans the emails headed to your organization for the presence of potential phishing campaigns and other types of security attacks. Malicious messages never arrive without interrupting the emails that your team should receive. You can deploy Area 1 in minutes with a few changes to your DNS records to safeguard your Microsoft 365, Gmail, or nearly any other email deployment.
As part of today’s announcement, we are making Area 1 available to Project Galileo and Athenian organizations at no cost. The same level of protection trusted by large corporations from Werner Enterprises to Fortune 500 consumer packaged goods firms is now available to your team.
In some cases, an email evades detection or the phishing link reaches your users through other channels. Cloudflare One can still help. When your team members navigate the Internet, they rely on DNS queries made by their device in order to translate the hostname of a website to the IP address of the server. Their device sends those queries to a DNS resolver.
Cloudflare runs the world’s fastest DNS resolver, 1.1.1.1, and we offer a security version that also filters DNS queries made to destinations that are known to be malicious. If a user accidentally clicks on a link from a text message or in a website, their device first sends that DNS query to Cloudflare. If dangerous, we stop the query before the malicious destination can load. If benign, we’ll respond with the destination faster than other resolvers.
Cloudflare’s DNS filtering keeps the US Federal Government safe, but can be deployed by teams of any size. You can secure entire office networks with the change of one router setting or deploy our roaming agent to keep your users safe wherever they work. Together with email protection, your team can filter out phishing attacks in a defense-in-depth approach.
2) Connect employees and partners
Many teams that qualify for Project Galileo had to find ways to work across geographies long before the pandemic sent employees home from other companies. These teams typically deployed a legacy virtual private network (VPN) to allow team members from across the world to reach the tools they needed to collect data, file stories, or submit research. At best, those VPN deployments slowed down user connectivity and introduced maintenance headaches. At worst, they gave anyone on the network overly broad access to nearly any resource.
With Cloudflare One, your team can operate in any location and still reach your internal tools while controlling exactly who can access which application or service. Organizations that need to operate a traditional private network can run one on Cloudflare by deploying our device client (WARP) on user endpoints and establishing outbound connections to our global network via Cloudflare Tunnel. Users enjoy the performance and availability of Cloudflare’s network while administrators can build granular permissions without the need for additional application development.
We also know that many Galileo and Athenian organizations work alongside hundreds or thousands of partners and volunteers. Those users need to also reach internal resources but are not willing or able to install software on their personal devices.
To solve that challenge, Cloudflare One can be deployed in a fully clientless mode that can use multiple identity providers including consumer options like Google, Facebook, and LinkedIn. Users authenticate with the single-sign on option they already use from any mobile or desktop device. Administrators control which users can reach specific applications while logging every attempt.
3) Secure your team’s path to the Internet
Beyond phishing attacks, bad actors target organizations with other types of threats like malware hidden in downloads. Researchers and journalists exploring a topic with untrusted sources can bring ransomware back into the entire organization. Team members connecting to the Internet from a hotel Wi-Fi network can have unencrypted DNS queries monitored and reported.
Cloudflare One provides every member of your team with an encrypted, secured on-ramp to the entire Internet. Powered by the same Cloudflare WARP agent that helps millions of users enjoy a more private Internet connection, Cloudflare’s Secure Web Gateway filters all Internet-bound for hidden threats.
When users inadvertently connect to a malicious destination, Cloudflare One will block the attempt and present them with a page explaining what just happened. In the other direction, Cloudflare’s network scans downloads for malware and blocks the download before the user can open it.
The same filtering can be extended to keep sensitive data from leaving your organization. You can build rules that flag file uploads that contain personal information or patterns that are unique to your team or focus area. With just a few clicks, you can create policies that prevent the accidental or malicious loss of data while also restricting uploads to approved destinations.
All without the need for an enterprise IT department
Today’s announcement makes the security technology deployed by the world’s largest enterprises available to organizations of any size. And, despite the broad impact of Athenian and Galileo organizations, that size tends to be smaller.
The teams supported by Project Galileo focus limited resources on advancing journalism, artistic expression, human rights, and other causes. The state and local governments who qualify for the Athenian Project spend their days protecting democracy in the United States. Both groups tend to lack the resources of a Fortune 500 to staff and operate a large IT department.
We built Cloudflare One as a service that a team could configure and deploy in a matter of hours and still benefit from comprehensive Zero Trust security. We’ve published a Zero Trust Roadmap that your team can use to determine how to get started with guidelines for the time required at each step.
How to get started
We’re excited to extend Projects Galileo and Athenian to include Cloudflare One. Are you an existing qualified organization or interested in applying? Follow the link here and here to get started.
If you are not part of Project Galileo or Athenian, but still want to begin deploying Cloudflare One, we make the service available at no cost to teams of up to 50 users. Click here to sign up.
Since our founding, Cloudflare’s mission has been to “help build a better Internet,” and we take it to heart. It used to be that the services required to adequately secure an online presence were only available to the largest of enterprises — organizations big enough to afford both the technology itself and the teams to manage it.
We’ve worked hard over the years to level the playing field. This has meant making more and more of the essential tools for protecting an online presence available to as many people as possible. Cloudflare offers unmetered DDoS protection — for free. We were the first to introduce SSL at scale — for free. And it’s not just protection for your external-facing infrastructure: we have a free Zero Trust plan that enables teams to protect their internal-facing infrastructure, too.
These types of tools have always been important for the billions of people on the Internet. But perhaps never as important as they’ve become this week.
Not surprisingly, we’ve been fielding many questions from our customers about what they should be doing to increase their cyber resilience. But helping to build a better Internet is broader than just helping our customers. We want everyone to be safe and secure online.
So: what should you do?
Whether you’re a seasoned IT professional or a novice website operator, these free Cloudflare resources are available for you today. Beyond these free resources, there are a few simple steps that you can take to help stay protected online.
Free Cloudflare resources to help keep you and your organization safe
These Cloudflare services are available to everyone on the Internet. If you’re a qualified vulnerable public interest group, or an election entity, we have additional free services available to you.
Let’s start with the services that are freely available to everyone.
For your public-facing infrastructure, such as a website, app, or API:
This provides the basics you need to protect public-facing infrastructure: unmetered DDoS mitigation, free SSL, protection from vulnerabilities including Log4J. Furthermore, it includes built-in global CDN and DNS.
For your internal-facing infrastructure, such as cloud apps, self-hosted apps, and devices:
These essential security controls keep employees and apps protected online by ensuring secure access to the Internet, self-hosted applications and SaaS applications. Free for up to 50 users.
For your personal devices, such as phones, computers, and routers:
Otherwise known as Cloudflare for Families. This is the same as Cloudflare’s privacy-protecting, superfast 1.1.1.1 DNS resolver. However, 1.1.1.2 has one big added benefit over 1.1.1.1: if you click on a link that’s about to take you to malware, we step in on your behalf, preventing you from ending up on the malicious site. It’s super simple to set up: you can follow the instructions here, then click the “Protect your home against malware” button; or simply update your DNS settings to use the following:
And while we’ve called it Cloudflare for Families, we should note: it works equally well for businesses, too.
All the services listed above are available now. They can scale to the most demanding applications and withstand the most determined attacks. And they are made freely available to everyone on the Internet.
Cloudflare provides an additional level of free services to special types of organizations.
Project Galileo: for vulnerable public interest groups
Founded in 2014, Project Galileo is Cloudflare’s response to cyberattacks launched against important yet vulnerable targets like artistic groups, humanitarian organizations, and the voices of political dissent. Perhaps now more than ever, protecting these organizations is crucial to delivering the promise of the Internet. Importantly, it’s not us deciding who qualifies: we work with a range of partner organizations such as the Freedom of the Press Foundation, the Electronic Frontier Foundation, and the Center for Democracy and Technology to help identify qualified organizations.
Over the past week we’ve seen an influx of applications to Project Galileo from civil society and community organizations in Ukraine and the region who are increasingly organizing to provide support and essential information to the people of Ukraine. To the vulnerable organizations that qualify, we offer a range of further Cloudflare services that we usually reserve for our largest enterprise customers. You can visit here to find out more about Project Galileo, or if you think your organization might qualify, we encourage you to apply here.
The Athenian Project: for election entities
As with public interest groups, there are many malicious actors today who try to interfere with free and democratic elections. One very simple way that they can do this is through cyberattacks. Just like every other Internet property, election websites need to be fast, they need to be reliable, and they need to be secure. Yet, scarce budgets often prevent governments from getting the resources needed to prevent attacks and keep these sites online.
Just like with Project Galileo, for election entities that qualify, we offer a range of further Cloudflare services to help keep them safe, fast, and online. We have more information about the Athenian Project here, and if you’re working at an election entity, you can apply at the bottom of that same page.
We’re all dependent on the Internet more than ever. But as that dependency grows, so too does our vulnerability to attack. Cloudflare provides these no cost services in the spirit of helping to build a better Internet. Please take advantage of them, and spread the word to other people and organizations who could benefit from them too.
Basic online security hygiene
Beyond Cloudflare’s free services, there are a range of basic steps that you can take to help protect your online presence. We’re imagining that almost everyone will have heard of these steps before. For those of you who have heard it but have been putting it off, now is the time. Taking these simple steps today can save you a world of cyber heartache tomorrow.
Don’t re-use passwords across accounts. It’s unfortunate, but websites and applications are compromised every day. Sometimes, a compromise will result in a hacker gaining access to all the usernames and passwords on that website or app. One of the first things a hacker will then do is try all those username and password combinations on other popular websites. If you had an account on a compromised website, and your password there is the same as the one you use for (say) your online banking account, well… they’re now in your bank account. Compounding this, compromised credentials are frequently bought and sold in illegal online marketplaces. You can check if your credentials have been compromised on this site. It’s extremely important to ensure that you don’t use the same credentials on multiple sites or apps.
Use multi-factor authentication on your accounts. This adds a second layer of identification beyond just your password. It often takes the form of a confirmation code in a text message or email, or better yet, a randomly generated code from an authentication app, or, best of all, a hardware key that you insert into your computer or wave at your phone. This helps ensure that the person logging into your account is actually you. Internally at Cloudflare, we use hardware keys exclusively because of their high security.
Use a password manager. If you want to compress the two above steps down into one, find and begin using a password manager. A password manager helps you manage passwords across multiple accounts; it automatically creates a random and unique password for each login you have. It can also manage randomly generated multi-factor authentication for you. If you’re in the Apple ecosystem, Apple has one built into iOS and macOS that will sync across your devices. 1Password and LastPass are also very popular examples. We require the use of a password manager at Cloudflare, and recommend their use to everyone.
Keep your software up to date. This applies for all your software — both operating systems and applications, on computers and on your phone. Flaws and potential security holes are being discovered all the time. While vendors are increasingly quick to react, and software can be patched over the Internet in a matter of minutes — this only works if you click the “Install Update Now” button. Or better yet, you can set updates to be automatic, and this can help to guarantee that your systems stay current.
Be extra cautious before clicking on links in emails. According to the CISA, more than 90% of successful cyber-attacks start with a phishing email. This is when a link or webpage looks legitimate, but it’s actually designed to have you reveal your passwords or other sensitive information. You can double-check the URL of any links you click on. Or better yet, type the URL in yourself, or search for the site you’re looking for from your search engine. Finally, 1.1.1.2 (see above in this post) can help protect you in the event that you do click on one of these phishing links.
Be extra cautious giving credentials to people who have called you. Phishing doesn’t just happen via email. It can happen over the phone, too. It might be a call from someone claiming to work at your bank, telling you there’s strange activity on your account. Or someone claiming to be an IT administrator at your company, asking why you’ve been looking at strange websites. After putting you on the back foot, they’ll ask for something so they “can help you” — possibly a password or a text confirmation code. Don’t give it to them. If you’re at all unsure of anyone who just called you, there’s a simple solution: ask them for their name, their department, and their organization, and then hang up. You can then call them back through a phone number that their organization advertises on their homepage.
Have an offline, or at least a cloud-based, backup of critical or irreplaceable data. Even if you follow every last piece of advice above, there is still the risk that something bad happens. A backup of your critical data — ideally offline, but even one up in the cloud — is your last line of defense. Beyond security resilience, backups also improve your general resilience. Lost devices, natural disasters, and accidents happen. Backups mitigate the impact.
These are simple and immediate actions you can take to help keep your online presence secure.
From everyone at Cloudflare: we hope that you and your loved ones are safe during these unpredictable times.
Over the course of the past few years, we’ve seen a wide variety of different kinds of online threats to democratically-held elections around the world. These threats range from attempts to restrict the availability of information, to efforts to control the dialogue around elections, to full disruptions of the voting process.
Some countries have shut down the Internet completely during elections. In 2020, Access Now’s #KeepItOn Campaign reported at least 155 Internet shutdowns in 29 countries such as Togo, Republic of the Congo, Niger and Benin. In 2021, Uganda’s government ordered the “Suspension Of The Operation Of Internet Gateways” the day before the country’s general election.
Even outside a full Internet shutdown, election reporting and registration websites can face attacks from other nations and from parties seeking to disrupt the administration of the election or undermine trust in the electoral process. These cyberattacks target not only electronic voting or election technologies, but access to information and communications tools such as voter registration and websites that host election results. In 2014, a series of cyberattacks including DDoS, malware and phishing attacks were launched against Ukraine’s Central Election Commission ahead of the presidential election. These sophisticated attacks attempted to infiltrate the internal voting system and spread malware to deliver fake election results. Similar attacks were seen again in 2019 as Ukraine accused Russia of launching a DDoS attack against the CEC a month before the presidential election. These types of attacks that target electoral management agencies’ communication tools and public facing websites have been on the rise in countries ranging from Indonesia, North Macedonia, Georgia, and Estonia.
Three and a half years ago, Cloudflare launched the Athenian Project to provide free Enterprise level services to state and local election websites in the United States. Through this project we have protected over 292 websites with information about voter registration, voting and polling places, as well as sites publishing final results across 30 states at no cost to the entities administering them. However, due to the growing trend of cyberattacks targeting election infrastructure, election security is not a US-specific issue, and since we launched the Athenian Project in the United States many people have asked: why don’t you extend these cybersecurity protections to election entities around the world?
Challenges, Solutions and Partnerships
The short answer is we weren’t entirely sure whether Cloudflare, a US based company, could provide a free set of upgraded security services to foreign election entities. Cloudflare is a global company with 16 offices around the world and a global network that spans over 100 countries to provide security and performance tools. We are proud to create new and innovative products to enhance user privacy and security, but understanding the intricacies of local elections, the regulatory environment, and political players is complicated, to say the least.
When we started the Athenian Project in 2017, we understood the environment and gaps in coverage for state and local governments in the United States. The United States has a decentralized election administrative system, which means that local election administrators may conduct elections differently in every state. Because of the funding challenges that come with a decentralized system, state and local governments in all 50 states could benefit from free Enterprise-level services. Fast-forward to more than three years after we launched the project, we have learned a great deal about what types of threats election entities face, what products election entities need for securing their web infrastructure, and how to build trust with state and local governments in need of these types of protections.
As the Athenian Project and Cloudflare for Campaigns grew in the United States, we received inquiries from foreign election bodies, political parties and campaigns on whether they were eligible for protection under one of these projects. We turned to our Project Galileo partners for their advice and guidance.
Under Project Galileo, we partner with more than 40 civil society organizations to protect a range of sensitive players on the Internet including human rights organizations, journalism and independent media, and organizations that focus on strengthening democracy in 111 countries. Many of these civil society partners work on election-related matters such as capacity building, strengthening democratic institutions, supporting civil society organizations to equipping these groups with the tools they need to be safe and secure online. These partners, many of whom have local representatives on the ground, understand the intricacies of the election landscape and delicate nature of trust building between local election administrations, political parties and organizations with personnel directly on the ground in many of these regions to provide direct support and expertise when it comes to safeguarding elections.
After many discussions and years in the making, we are excited to announce our collaboration with The International Foundation for Electoral Systems, National Democratic Institute, the International Republican Institute and to provide free Enterprise Cloudflare services to groups working on election reporting and to election management agencies to provide the tools, resources and expertise to help them stay online in the face of large scale cyber attacks.
Partnership with International Foundation for Electoral Systems
As we work with civil society organizations on issues in the election space and extending protections outside the United States, we frequently heard organizations bring up IFES, the International Foundation for Electoral Systems, due to their expertise in promoting and protecting democracy. The International Foundation for Electoral Systems is a nonpartisan, nonprofit organization that has worked in more than 145 countries, from developing to mature democracies.
Founded in 1987, IFES’ work in promoting democracy and genuine elections has evolved to meet the challenges of today and tomorrow. IFES offers research, innovation and technical assistance to support democratic elections, human rights, combat corruption, promote equal political participation, and ensure that information and technology advance, not undermine, democracy and elections.
One of the many reasons we wanted to work with IFES on expanding our election offering was due to the organizations’ unique position in terms of technical expertise, understanding of the political landscapes in which they operate, and fundamental knowledge of the types of protections these election management bodies (EMBs) need in preparing and conducting elections. Building trust in the election space is critical when providing support to EMBs. Due to years of hard work from IFES assisting with the implementation of election operations as well as direct assistance to support democratic developments, and the trust IFES has correspondingly developed with EMBs, they were a logical partner.
IFES’ Center for Technology & Democracy, in collaboration with IFES program teams worldwide, provides cybersecurity and ICT assistance to EMBs and civil society organizations (CSOs). IFES uses leading cybersecurity and ICT practices and standards incorporated into its Holistic Exposure and Adaptation Testing (HEAT) methodology with the aim of increasing EMBs and CSOs digital transformation while mitigating associated risks.
“Cloudflare has played an integral role in helping EMBs and CSOs protect their websites, prevent website defacement, and ensure that they are accessible during peak traffic spikes. This has allowed EMBs and CSOs to build internal and external stakeholder confidence while gaining access and building local capacity on cutting-edge cybersecurity solutions and good practices.” — Stephen Boyce, Senior Global Election Technology & Cybersecurity Advisor at IFES.
As part of the partnership with IFES, Cloudflare provides its highest level of services to EMBs working with IFES and equips them with the cybersecurity tools for their web infrastructure and internal teams to promote electoral integrity and stronger democracies. Along with cybersecurity tools, Cloudflare will work closely with IFES on training and direct assistance to these election bodies, so they have the knowledge and expertise to conduct a free, fair, and safe elections. In the past, Cloudflare has worked with IFES to provide services in support of elections in Georgia, and we look forward to extending these protections to other EMBs in the future.
Partnership with National Democratic Institute, the International Republican Institute and the Design 4 Democracy Coalition
The National Democratic Institute and The International Republican Institute are two of the many Project Galileo partners that we have worked with to provide cybersecurity tools to organizations that work building and strengthening democratic institutions and increasing civic participation all around the world. As we worked together on Project Galileo, our conversations often focused on the best way to extend these types of security tools to groups in the election space.
Cloudflare is excited to announce that we are partnering with the National Democractic Institute (NDI), the International Republican Institute (IRI) and the Design 4 Democracy Coalition (D4D) to expand our election support efforts. Through this initiative, Cloudflare will provide free service to vulnerable groups working on elections, as identified by NDI and IRI. Our combined expertise in cybersecurity and elections administration will enable us to be mutually beneficial in navigating this space. As part of protecting a new set of election groups, Cloudflare will work with NDI and IRI to understand the global threats faced by democratic election institutions.
“Elections are being undermined by a wide range of malign actors. Through our partnership with Cloudflare, IRI has been able to ensure that the civil society and independent media organizations we support globally are able to defend themselves against cyber attacks and massive increases in web traffic – keeping them safe and online at the most critical moments for democratic integrity. We are excited to be working with Cloudflare, NDI, and the D4D Coalition to expand those offerings to election management bodies, political parties, and political campaigns – a critical step toward ensuring that political competition is fought in the sphere of policy and governance delivery, and not through information and cyber warfare.” — Amy Studdart, Senior Advisor for Digital Democracy, Center for Global Impact at the International Republican Institute.
As part of our new initiative, when Cloudflare tests new products which would be particularly useful for election groups we will work with NDI, IRI and D4D to encourage these groups to adopt the new services. This might include passing along information and documentation on how to deploy them, offering webinars, and providing other specialized support. Piloting new products with this audience will also provide us with the opportunity to learn about needs and pain points for these groups.
“Safe, reliable access to the internet is fundamental to a free, open, and democratic electoral process in the modern era. Cloudflare’s sophisticated protections against various forms of cyberattack have provided invaluable support to at-risk campaigns and civic organizations through NDI and the D4D Coalition. This new initiative will go further to supporting one of the most fundamental of human rights: the vote.” — Chris Doten, Chief Innovation Officer at the National Democratic Institute.
Extending Protection to State Parties in the United States with Defending Digital Campaigns
We didn’t forget our friends in the United States. I am excited to announce that we are extending our support to provide a suite of Cloudflare products to eligible state parties in the United States with our partnership with Defending Digital Campaigns (DDC). In January 2020, we announced our partnership with Defending Digital Campaigns, a nonprofit, nonpartisan organization that provides access to cybersecurity products, services, and information to eligible federal campaigns.
We have reported on the regulatory challenges of providing free or discounted services to political campaigns in the past. Due to campaign finance regulations in the United States, private corporations are prohibited from providing any contributions of either money or services to federal candidates or political party organizations. We partnered with DDC, who was granted special permission by the Federal Election Commission to provide eligible federal campaigns with free or reduced-cost cybersecurity services due to the enhanced threat of foreign cyberattacks against party and candidate committees.
Since the start of our partnership, we have provided products to protect Presidential, Senate and House campaigns with tools like DDoS protection, web application firewall, SSL encryption, and bot protection. We have also offered campaigns cybersecurity tools to protect their internal networks, offering Cloudflare Access and Gateway to more than 75 campaigns in the 2020 U.S. election.
After the 2020 U.S. election, DDC extended their offering to protect state parties in select states.
“One of DDC’s core recommendations for any campaign or an organization like a State Party is protecting their websites from attacks or defacements,” said Michael Kaiser, President and CEO of Defending Digital Campaigns. “Our partnership with Cloudflare is critical to bringing this core protection to eligible entities and protecting our democracy.”
We are excited to be furthering our partnership with Defendering Digital Campaigns to provide our free suite of services to eligible state parties to better secure themselves from cyber attacks.
For more information on eligibility for these services under DDC and the next steps, please visit cloudflare.com/campaigns/usa.
To the future…
Recognizing the global nature of cyberthreats targeting election-related technologies, we are excited to be working with these groups to help players in the election space stay secure online. In addition to the goals already laid out, Cloudflare intends to build on these partnerships in the future. Eventually, we hope to assist with each of these partners’ programs as mentors and trainers, perhaps directly participating in assessments and training around critical elections. These groups’ expertise makes them fantastic partners in this space, and we look forward to the opportunity to expand our work with their guidance.
The collective thoughts of the interwebz
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
