Tag Archives: Election Security

2020 U.S. Election: Cybersecurity Analysis

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/2020-us-election-cybersecurity-analysis/

2020 U.S. Election: Cybersecurity Analysis

As the election season has ramped down and the new Presidential Administration begins, we think it’s important to assess whether there are lessons we can draw from our experience helping to provide cybersecurity services for those involved in the 2020 U.S. elections.

Cloudflare built the Athenian Project – our project to provide free services to state and local election websites – around the idea that access to the authoritative voting information offered by state and local governments is key to a functioning democracy and that Cloudflare could play an important role in ensuring that election-related websites are protected from cyberattacks intended to disrupt that access. Although the most significant challenges in this election cycle fell outside the realm of cybersecurity, the 2020 election certainly validated the importance of having access to definitive sources of authoritative election information.

We were pleased that the robust cybersecurity preparations we saw for the 2020 U.S. election appeared to be successful. From the Cloudflare perspective, we had the opportunity to witness firsthand the benefits of having access to free cybersecurity services provided to organizations that promote accurate voting information and election results, state and local governments conducting elections, and federal U.S candidates running for office. As we protect many entities in the election space, we have the ability to identify, learn and analyze attack trends targeted at these sites that provide authoritative election information. We hope that we will continue to be able to assist researchers, policymakers and security experts looking to support best practices to protect the integrity of the electoral process.

Supporting free and fair elections

Many state and local governments bolstered their security postures ahead of the 2020 elections. There have been partnerships between governments, organizations, and private companies assisting election officials with the tools and expertise on best ways to secure the democratic process. Additionally, the spread of COVID-19 has prompted unprecedented challenges on how citizens can vote safely and securely.

Before the 2020 U.S. election, we detailed much of the activity targeting those in the election space to prepare for election day. To the relief of security experts, there were no significant publicly reported cybersecurity incidents as Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency during the 2020 election described it as “just another Tuesday on the Internet.” On November 12, 2020, a joint statement from the leading election security organizations stated “The November 3rd election was the most secure in American history . . . [T]here is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

At Cloudflare, we had a team of over 50 employees monitoring and addressing any issues to ensure we were providing our highest level of support to those working in the election space. It is important to note that our services do not protect electronic voting boxes or ballot counters; instead, Cloudflare services provide protection to websites, applications, and APIs. But we do protect many websites that provide pertinent information on the electoral process in the United States. This includes a wide range of players in the election space that facilitate voter registration, provide information on polling places, and publish election results. Since the 2016 election, state and local government websites that provide information such as voter registration, polling places, and election results, which have been increasingly targeted with cyberattacks.

Protecting organizations in the election space with Project Galileo

We launched Project Galileo in 2014 to provide a free set of security services to a range of vulnerable groups on the Internet such as human rights organizations, journalists and social justice organizations. Under the project, we currently protect more than 1,400 organizations working in regions all over the world with many organizations that work towards providing accurate voting information, tackling voter suppression, providing resources on voting rights and publishing election results. Cloudflare works with a variety of different types of non-governmental entities under Project Galileo, but we generally put them into two groups: participants, who are granted the benefits of Project Galileo, and partners, who work with us to identify other organizations who might be worth supporting. Our partners are typically larger civil society organizations and high profile NGOs, who work with entities who might benefit from our services and decide who should receive Cloudflare protections under the project.

Many of these organizations need cybersecurity protections well before election day. Belmont University is a private, four-year university located in Nashville, Tennessee. Shortly after the University was selected to be the site of the third and final 2020 U.S. Presidential Debate, the University reached out to Cloudflare asking for assistance. As part of the support for the debate, Belmont launched a new website to provide a centralized space for volunteers, media, and the community to prepare and organize the debate.

The project was quickly accepted to Project Galileo and we worked with Paul Chenoweth, Web Programming Service Manager for Belmont University to tackle concerns over server capacity, visitor traffic, site security, and analytics. Chenoweth explains, “We faced a number of web site challenges in 2008 when the university hosted the Town Hall Presidential Debate and with a totally new set of conditions in 2020, we did not know what to expect. We were worried about our site being taken down by malicious actors but also by unpredictable surges in traffic to the site. The Cloudflare team helped us create firewall rules, lock down our origin, and provided support during the Presidential debate.” Due to the spread of COVID-19, the debate website was the primary source of information for media registration, volunteer applications, and the event calendar for more than 40 themed virtual education events for the community. Overall, the university saw a 5x increase in traffic and blocked more than 80,000 malicious HTTP requests targeting their site.

Read stories from these organizations and Project Galileo here.

2020 U.S. Election: Cybersecurity Analysis

Under Project Galileo, we provide powerful cybersecurity tools to assist organizations such as Vote America, U.S. Vote Foundation, Decision Desk HQ, and many more working in the election space to identify and mitigate attacks targeting their web infrastructure. Along with protection from malicious DDoS attacks, our services also help with large influxes of unexpected traffic as organizations tend to see traffic spikes during voter registration deadlines. During the months leading up to elections, many of these organizations provided up to date information on the changing voting processes due to COVID-19. During the ballot count, many organizations posted election results online as state and local governments began reporting official numbers.

2020 U.S. Election: Cybersecurity Analysis

Many of the election-related organizations under Project Galileo allow you to register to vote, view the status of your voting ballot, and much more. States often hold their state and presidential primaries on different dates with the earliest primaries for 2020 held in March with 24 states and June with 23 states. When looking at cyberattacks against election organizations during the elections, the Cloudflare WAF blocked more than 10 million attacks in 2020. We can see that the WAF mitigated a majority of attacks during these two months, as many states held elections and voter registration deadlines.

2020 U.S. Election: Cybersecurity Analysis

Protecting election websites with the Athenian Project

In 2017, we launched the Athenian Project to provide our highest level of service to U.S. state and local governments running elections. This includes county board of election websites, Secretaries of State, and many smaller municipalities that register citizens to vote and publish election results. Under the Athenian Project, we protect more than 275 election entities in 30 states. In the past year, we onboarded more than 100 government election sites in preparation for the November 3rd election.

Read stories from state and local governments protected under the Athenian project here.

2020 U.S. Election: Cybersecurity Analysis

During the month leading up to elections, we had a team of engineers ready to assist state and local governments looking for help protecting their websites from cyberattacks. We onboarded Solano County in California, who engaged with our team on the best way to secure their election resources as we approached November 3rd.  The right to a free and fair election is one of the most basic civil rights we enjoy as Americans; it is a right upon which many of our foundational civil rights depend. Creating the conditions for transparent, clear, and truthful communications about the process and outcomes of elections is crucial to maintain the public trust in our electoral process, says Tim Flanagan, Chief Information Officer for Solano County. In a few hours, we onboarded the county to Cloudflare and implemented best-practices tailored for election entities that use our services under the Athenian Project. Cloudflare’s services added additional layers of security to our web presence that raised confidence in our ability to assure County’s residents that our election results were trustworthy.

Starting in November, we saw traffic to government election sites increase as many people looked for polling places or how to contact local election officials. We also saw those traffic spikes after election day, as many election websites post periodic updates as the counting of ballots ensues. We reported many of these traffic spikes in the Election Dashboard with Cloudflare Radar.

2020 U.S. Election: Cybersecurity Analysis

For cyberattacks targeting government election websites, we found a majority of attacks before election day and primarily in September with about 50 million HTTPS requests blocked by the web application firewall.

2020 U.S. Election: Cybersecurity Analysis

From November 4 to November 11, the WAF mitigated 16,304,656 malicious requests to sites under the Athenian Project. During this time, many state and local governments were counting ballots and posting election results to their websites. A majority of attacks were blocked by the managed ruleset in the WAF – a set of rules curated by Cloudflare engineers to block against common vulnerabilities – including SQLi, cross-site scripting and cross-site forgery requests. These are not sophisticated attacks that we see, but hackers looking for vulnerabilities to access or modify sensitive information. For example, file inclusion is an attack targeting web applications to upload malware to steal or modify the content of the site.

2020 U.S. Election: Cybersecurity Analysis

Protecting Political Campaigns in 2020

In January 2020, we launched Cloudflare for Campaigns, a suite of free security services to federal campaigns with our partnership with Defending Digital Campaigns. During the course of the year, we onboarded 75 campaigns ranging from House, Senate, and Presidential candidates running for election in 2020. At Cloudflare, we have a range of campaigns that use our services ranging from free up to our Enterprise level plan. Overall, we protected more than 450 candidate sites running for federal office in 2020.

In 2020, the average number of attacks on U.S. campaign websites on Cloudflare per month was about 13 million. When comparing attacks against political campaigns and government election sites, we saw more DDoS attacks rather than hackers trying to exploit website vulnerabilities. As depicted below, campaigns used Cloudflare’s layer 7 DDoS protection that automatically monitors and mitigates large DDoS attacks, alongside rate-limiting to mitigate malicious traffic. For election websites, it’s clear that hackers tried to exploit common website vulnerabilities that were blocked by the WAF and firewall rules, with the goal of gaining access to internal systems rather than make the site inaccessible like we see in DDoS attacks.

2020 U.S. Election: Cybersecurity Analysis
2020 U.S. Election: Cybersecurity Analysis

Lessons learned and how we move forward

We learned a lot from preparing for the 2020 U.S. election while engaging with those in the election space and learned to be flexible in the face of the unexpected. We learned that COVID-19 had impacted many of these groups at a disportionate rate.  For example, organizations that work in promoting online voter registration were well suited for the move to online that we found ourselves in during COVID-19. For political candidates, they had to adapt to moving campaign events and outreach to an online environment rather than the traditional campaign operations of door-knocking and large fundraising events. This move online meant that campaigns needed to pay more attention to digital risks.

We also learned as we approached the November election that the election space involves a range of players. Protecting elections requires not only working with governments to secure their websites for the unexpected, but also working with campaigns and non-profit organizations who work on election-related issues. We appreciated the fact that Cloudflare has many different projects that support a range of players working in promoting trust in the electoral process, giving us the flexibility to protect them. Many of these players need different levels of support and assistance with how to properly protect their web infrastructure from cyberattacks, and having a range of projects offering a different level of plans and support, helped us in finding the best way to protect them. We were able to provide a free set of services to a wide range of players each with separate goals but a common mission: providing authoritative information to build trust in the electoral process.

Both the awareness of the importance of election security and election security itself has improved since the 2016 election. We have seen the benefits of sharing information across many partners, organizations, and local players. To help prepare state and local governments for elections, we conducted webinars and security tunings sessions for many of these election players. In the case of state and local governments we protect under the Athenian Project, as we conducted more security training, we saw many participants recommend others in their state to ensure they were protected as well. For example, a week before the general election, the Wisconsin Election Commission sent an election security reminder with resources on how to mitigate a DDoS attack with Cloudflare to county and municipal clerks across Wisconsin.

At Cloudflare, we worked with a variety of government agencies to share threat information that we saw targeted against these participants. Days before the November 3rd election, we were invited to the last meeting conducted by the Cybersecurity and Infrastructure Security Agency to share threats data we had seen against government election websites and how they could be mitigated to more than 200 general election stakeholders, including counties across the United States.

Weeks after the election, I spoke with Stacy Mahaney, the Chief Information Officer at the Missouri Secretary of State, which is currently protected under the Athenian Project. His comment aptly summarized Cloudflare’s security practices. Security is like an onion. Every layer of security that you add protects against various layers of attack or exposure. We were able to add layers to our security defenses with Cloudflare. The more layers you add, the more difficult it is for attackers to succeed in making voters question the trust of the democratic process that we work to protect every day.”  Information security is about prevention and detection and is a continual process that involves monitoring, training, and threat analysis. By adding more layers including tools such as a web application firewall, 2FA, SSL encryption, authentication protocols, and security awareness training, it makes it more difficult for hackers to penetrate through the security layers.

Although cybersecurity experts concluded that the 2020 election was one of the safest in the history of elections, the work is not done yet. Not only will future U.S. election cycles begin again soon,  but election security is a global concern that benefits from the involvement of experienced players with appropriate expertise. The longer we engage with those working with those in the election space, the more we learn the best ways to protect their web infrastructure and internal teams. We look forward to continuing our work to protect resources in the voting process and help build trust in democratic institutions.

The Cloudflare Radar 2020 Elections Dashboard

Post Syndicated from Matthew Prince original https://blog.cloudflare.com/the-cloudflare-radar-2020-elections-dashboard/

The Cloudflare Radar 2020 Elections Dashboard

The Cloudflare Radar 2020 Elections Dashboard

There is significant global attention around the upcoming United States election. Through the Athenian Project and Cloudflare for Campaigns, Cloudflare is providing free protection from cyber attacks to a significant number of state and local elections’ websites, as well as those of federal campaigns.

One of the bedrocks of a democracy is that people need to be able to get access to relevant information to make a choice about the future of their country. This includes information about the candidates up for election; learning about how to register, and how to cast a vote; and obtaining accurate information on the results.

A question that I’ve been increasingly asked these past few months: are cyberattacks going to impact these resources leading up to and on election day?

Internally, we have been closely monitoring attacks on the broader elections and campaign websites and have a team standing by 24×7 to help our current customers as well as state and local governments and eligible political campaigns to protect them at no cost from any cyberattacks they may see.

The good news is that, so far, cyberattacks have not been impacting the websites of campaigns and elections officials we are monitoring and protecting. While we do see some background noise of attacks, they have not interfered in the process so far. The attack traffic is below what we saw in 2016 and below what is typical in elections we have observed in other countries.

But there are still nearly two weeks before election day so our guard is up. We thought it was important to provide a view into how overall traffic to campaign and elections sites is trending as well as a view into the cyberattacks we’re observing. To that end, today we’re sharing data from our internal monitoring systems publicly through Cloudflare Radar. You can access the special “Election 2020” Radar dashboard here:

https://radar.cloudflare.com/election-2020

The dashboard is updated continuously with information we’re tracking on traffic to elections-related sites, both legitimate and from cyberattacks. It is normal to see fluctuations in this traffic depending on the time of day as well as when there will be occasional cyberattacks. So far, nothing here surprises us.

It’s important to note that Cloudflare does not see everything. We do not, for instance, have any view into misinformation campaigns that may be on social media. We also do not protect every state and local government or every campaign.

That said, we have Athenian Project participants in more than half of US states — including so-called red states, blue states, purple states, and several of the battleground states. We also have hundreds of federal campaigns that are using us ranging across the political spectrum. While we may not see a targeted cyberattack, given the critical role the web now plays to the election process, we believe we would likely see any wide-spread attacks attempting to disrupt the US elections.

So far, we are not seeing anything that suggests such an attack has impacted the election to date.

Our team will continue to monitor the situation. If any state or local elections agency or campaigns comes under attack, we stand ready to help at no cost through the Athenian Project and Cloudflare for Campaigns.

We could not have built Cloudflare into the company it is today without a stable, functional government. In the United States, that process depends on democracy and fair elections not tainted by outside influence like cyberattacks. We believe it is our duty to provide our technology where we can to help ensure this election runs smoothly.

Election Cybersecurity: Preparing for the 2020 U.S. Elections.

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/election-cybersecurity-preparing-for-the-2020-u-s-elections/

Election Cybersecurity: Preparing for the 2020 U.S. Elections.

At Cloudflare, our mission is to help build a better Internet. As we look to the upcoming 2020 U.S. elections, we are reminded that having the Internet be trusted, secure, reliable, and accessible for campaigns and citizens alike is critical to our democracy. We rely on the Internet to share and discover pertinent information such as how to register to vote, find polling locations, or learn more about candidates.

Due to the spread of COVID-19, we are seeing a number of election environments shift online, to varying degrees, with political parties conducting virtual fundraisers, campaigns moving town halls to online platforms and election officials using online forms to facilitate voting by mail. As the 2020 U.S. elections approach, we want to ensure that players in the election space have the tools they need to stay online to promote trust and confidence in the democratic system.

We’re keeping an eye on how this shift to online activities affect cyberattacks. From April to June 2020, for example, we saw a trend of increasing DDoS attacks, with double the amount of L3/4 attacks observed over our network compared to the first three months of 2020. In the election space, we are tracking trends and vulnerabilities to better understand the threats against these critical players. Our goal is to use the information to create best practices for election and campaign officials so they can be better prepared for the upcoming elections.

Key Takeaways:

  • When comparing types of attacks against campaigns and government election sites, we saw the exact inverse type of attacks with political campaigns experiencing more DDoS attacks while government sites experiencing more attempts to exploit security vulnerabilities.
  • On average, state and local government election sites experience 122,475 cyber threats per day with an average of 199 SQL injection attempts per day.
  • On average, political campaigns experience 4,949 cyber threats per day, although larger campaigns may see far more.

Project Athenian & Cloudflare for Campaigns Participants

Since 2020, the number of domains under Project Athenian has increased by 48 percent, to 229 state and local government election websites in 28 states receiving our security protections. Cloudflare also protects many political campaigns at all levels on a wide range of plans. Under Cloudflare for Campaigns, an initiative we launched in January 2020 to provide a free package of security protections to political campaigns with our partnership with Defending Digital Campaigns, we protect more than 50 political campaigns from candidates in 27 states.

Significant traffic spikes and probing for vulnerabilities to government election websites

For state and local governments, election night and the days leading up that day are typically the most important days of the year. With constituents accessing voter information such as voting and polling stations, election officials expect higher amounts of traffic to their website. Over the last few months, we’ve seen this shift at Cloudflare, with noticeable increases in traffic ranging from 2 to 3 times the volume of requests to many of these government election websites. We believe there are a wide range of factors for traffic spikes including, but not limited to, states expanding vote-by-mail initiatives and voter registration deadlines due to emergency orders by 53 states and territories throughout the United States. In March, more than 23 states conducted presidential primaries including 14 states on Super Tuesday, the most states on a single day to host primary elections.

At this year’s DEF CON Voting Village, experts from the Department of Homeland Security identified routine failure due to abnormally high demand as the largest risk to election systems because of the coronavirus pandemic. We have seen this in full effect, with traffic to election websites being unpredictable, and including unexplained spikes outside of election cycles, per the graph below.

Election Cybersecurity: Preparing for the 2020 U.S. Elections.

To help state and local governments under Project Athenian prepare for elections, we wanted to identify the types of threats that election websites face and how to better protect their website from malicious attacks. Since the beginning of this year, we’ve seen a large number of attempts to exploit security vulnerabilities that were mitigated by the web application firewall (WAF), with 90 million threats blocked in March 2020, for example. Cloudflare’s WAF uses managed rulesets to offer a wide range of protection against known vulnerabilities and suspicious behavior and custom firewall rules to allow users to rapidly identify and adapt to the evolving threat landscape. Of the threats we identified, managed rulesets helped mitigate 51% of threats and custom firewall rules mitigated an additional 35% of threats. Having both managed rulesets and custom firewall rules therefore helps safeguard election information.

In previous elections, attackers have used SQL injections against government election websites to attempt to extract information. We therefore did a deeper dive on those types of attacks, to understand if these threats are being conducted leading up to the 2020 election. We identified a number of SQL injection threats that were blocked by Cloudflare, with an average of 43,884 attempts per day across all domains under Project Athenian. SQL injection attacks are commonly attempted against government election sites, with the WAF blocking an average of 199 SQL injection threats per day.

Election Cybersecurity: Preparing for the 2020 U.S. Elections.

Political Campaigns have experienced more DDoS attacks

When looking at the ecosystem of election security, political campaigns can be soft targets for cyberattacks due to the inability to dedicate resources to sophisticated cybersecurity protections. Campaigns are typically short-term, cash strapped operations that do not have an IT staff or budget necessary to promote long term security strategies.

To gain a better understanding of the threats around political campaigns, we surveyed 80 U.S. federal political campaigns on a range of Cloudflare plans from Cloudflare for Campaigns to our self serve plans. Cloudflare has mitigated a total of 77,192,840 threats on these sites since January 2020. That means that, on average, these sites saw 4,949 threats per day from January 2020 to present.  In general, we see larger scale attacks against Senate candidate’s sites than those of House candidates.

Election Cybersecurity: Preparing for the 2020 U.S. Elections.

As the election season has progressed, we’ve also seen an increase in the average number of attacks against political campaigns, with a 187% increase from May to June 2020. As face to face campaigning is not an option, campaigns now rely on online platforms such as video conferencing software, online fundraising and social media to reach voters. This can present significant cybersecurity challenges to already vulnerable groups, such as political campaigns. Political campaigns are realizing the importance of cybersecurity services and have begun working with state parties and committees on training on the types of cyber threats and widely available resources for campaigns. With basic cybersecurity hygiene training on issues such as password security, two factor authentication, identifying phishing scams, network protection, internal application security and social media privacy, campaign staff are less likely to be the victims of a data breach.

Election Cybersecurity: Preparing for the 2020 U.S. Elections.

There has been a notable amount of DDoS activity against political campaign websites. DDoS attacks, which can be cheap, easy to organize and highly destructive, are often used for targeting political campaigns. A DDoS attack that takes down a campaign’s website during critical times can severely disadvantage a website. Campaigns used rate limiting to address 63% of the cyber threats they experienced, suggesting that DDoS attacks remain a significant concern.

Securing Elections in 2020

Democracies rely on access to information and trust in government institutions, especially during a crisis. Reflecting this reality, elections officials are more aware and focused on reliability and resilience than ever before. Likewise, political campaigns are increasingly aware of the potential risks of DDoS activity and other cyber threats.

As COVID-19 continues to spread, it puts further pressure on ensuring that the Internet can be used to access and share election information. At Cloudflare, we believe that expanding access to tools that election officials and political candidates need to combat a range of online threats both serves our mission to help build a better Internet and strengthens our democracy.

Migrating from VPN to Access

Post Syndicated from Achiel van der Mandele original https://blog.cloudflare.com/migrating-from-vpn-to-access/

Migrating from VPN to Access

Migrating from VPN to Access

With so many people at Cloudflare now working remotely, it’s worth stepping back and looking at the systems we use to get work done and how we protect them. Over the years we’ve migrated from a traditional “put it behind the VPN!” company to a modern zero-trust architecture. Cloudflare hasn’t completed its journey yet, but we’re pretty darn close. Our general strategy: protect every internal app we can with Access (our zero-trust access proxy), and simultaneously beef up our VPN’s security with Spectrum (a product allowing the proxying of arbitrary TCP and UDP traffic, protecting it from DDoS).

Before Access, we had many services behind VPN (Cisco ASA running AnyConnect) to enforce strict authentication and authorization. But VPN always felt clunky: it’s difficult to set up, maintain (securely), and scale on the server side. Each new employee we onboarded needed to learn how to configure their client. But migration takes time and involves many different teams. While we migrated services one by one, we focused on the high priority services first and worked our way down. Until the last service is moved to Access, we still maintain our VPN, keeping it protected with Spectrum.

Some of our services didn’t run over HTTP or other Access-supported protocols, and still required the use of the VPN: source control (git+ssh) was a particular sore spot. If any of our developers needed to commit code they’d have to fire up the VPN to do so. To help in our new-found goal to kill the pinata, we introduced support for SSH over Access, which allowed us to replace the VPN as a protection layer for our source control systems.

Over the years, we’ve been whittling away at our services, one-by-one. We’re nearly there, with only a few niche tools remaining behind the VPN and not behind Access. As of this year, we are no longer requiring new employees to set up VPN as part of their company onboarding! We can see this in our Access logs, with more users logging into more apps every month:

Migrating from VPN to Access

During this transition period from VPN to Access, we’ve had to keep our VPN service up and running. As VPN is a key tool for people doing their work while remote, it’s extremely important that this service is highly available and performant.

Enter Spectrum: our DDoS protection and performance product for any TCP and UDP-based protocol. We put Spectrum in front of our VPN very early on and saw immediate improvement in our security posture and availability, all without any changes in end-user experience.

With Spectrum sitting in front of our VPN, we now use the entire Cloudflare edge network to protect our VPN endpoints against DDoS and improve performance for VPN end-users.

Setup was a breeze, with only minimal configuration needed:

Migrating from VPN to Access

Cisco AnyConnect uses HTTPS (TCP) to authenticate, after which the actual data is tunneled using a DTLS encrypted UDP protocol.

Although configuration and setup was a breeze, actually getting it to work was definitely not. Our early users quickly noted that although authenticating worked just fine, they couldn’t actually see any data flowing through the VPN. We quickly realized our arch nemesis, the MTU (maximum transmission unit) was to blame. As some of our readers might remember, we have historically always set a very small MTU size for IPv6. We did this because there might be IPv6 to IPv4 tunnels in between eyeballs and our edge. By setting it very low we prevented PTB (packet too big) packets from ever getting sent back to us, which causes problems due to our ECMP routing inside our data centers. But with a VPN, you always increase the packet size due to the VPN header. This means that the 1280 MTU that we had set would never be enough to run a UDP-based VPN. We ultimately settled on an MTU of 1420, which we still run today and allows us to protect our VPN entirely using Spectrum.

Over the past few years this has served us well, knowing that our VPN infrastructure is safe and people will be able to continue to work remotely no matter what happens. All in all this has been a very interesting journey, whittling down one service at a time, getting closer and closer to the day we can officially retire our VPN. To us, Access represents the future, with Spectrum + VPN to tide us over and protect our services until they’ve migrated over. In the meantime, as of the start of 2020, new employees no longer get a VPN account by default!

Why the 100th Anniversary of Women’s Right to Vote in the U.S. is Important to Celebrate on International Women’s Day

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/why-the-100th-anniversary-of-womens-right-to-vote-in-the-u-s-is-important-to-celebrate-on-international-womens-day/

Why the 100th Anniversary of Women’s Right to Vote in the U.S. is Important to Celebrate on International Women’s Day

Why the 100th Anniversary of Women’s Right to Vote in the U.S. is Important to Celebrate on International Women’s Day

Seven months ago, I joined Cloudflare to work on the Public Policy Team focusing on our democracy projects such as Project Galileo, Athenian Project and Cloudflare for Campaigns. Since I joined the team, I have learned a lot about how important cybersecurity protections are for organizations that are the target of sophisticated cyberattacks, while also learning about the complex election security environment in the United States and abroad.

It seems fitting that on International Women’s Day, a day people throughout the world are celebrating the achievements of women, we also celebrate the Centennial Anniversary of the Women’s Suffrage Movement which was the tipping point that gave many women voting rights in the United States.

Since I have been working on Cloudflare’s election security projects, this day means something extra special to me and many of my colleagues who believe that voting is the cornerstone of democracy and that having access to information regarding voting and elections is essential.

Why the 100th Anniversary of Women’s Right to Vote in the U.S. is Important to Celebrate on International Women’s Day

Here are five reflections that I want to share on International Women’s Day and the Centennial Anniversary of the Nineteenth Amendment which granted women the right to vote in the United States:

1. The Women’s Suffrage Movement in the United States was a decades-long battle

The Women’s Suffrage movement burst into view in the United States in 1848 at the Seneca Falls Convention, where participants introduced the notion that women deserved their own political identity and that a righteous government cannot exist without equal rights for all. These organizers passed the torch to the Congressional Union for Woman Suffrage, founded in 1913, which raised awareness through distributing pamphlets at street meetings, organizing parades, speaking tours, and petitioning Congress to pass legislation on the movement. In 1919, the Senate passed the Nineteenth Amendment and it was officially ratified on August 26, 1920.

2. Due to racial inequality, many women of color in the United States were not granted the right to vote until 1965

With the ratification of the Nineteenth Amendment in 1920, it technically granted women the right to vote. However, due to widespread inequality within the ranks of the women’s suffrage movement who primarily focused on white middle-class interests, many African Americans, Asian Americans, Hispanics, and American Indian women did not receive the right to vote until later in the century. African American women were not guaranteed the right to vote until the Voting Right Acts of 1965. During the height of the civil rights movement, The Act was signed into law by President Lyndon Johnson to prohibit racial discrimination in voting.

Why the 100th Anniversary of Women’s Right to Vote in the U.S. is Important to Celebrate on International Women’s Day

3. There has been a historical, global increase of women in political power

Much has changed since the ratification of the Nineteenth Amendment. The Center for American Women and Politics in the United States reports that in every presidential election since 1964, the number of female voters has exceeded the number of male voters.

There has also been a historical increase of women in elected offices around the world. This is evident with the highest number of women ever elected to the U.S. Congress in 2018, Slovakia electing the first female president, the United Kingdom electing 220 female MPs to the House of Commons, women making up 49% of Senate of the Republic of Mexico and female Prime Ministers in Denmark, Norway, and Finland. Foundationally, the right to vote is a nonpartisan issue that benefits the interest of the country, strengthens our democracy, and with more women in office, it promotes diversity of thought and experience.

4. The spread of voting and election information has changed

The way we share information has evolved dramatically from distributing pamphlets in 1913 to millions of people sharing information on the Internet across the world in 2020. State and local governments now use their election websites as the primary source to provide up to date announcements and information on how to register to vote, find designated polling stations, and access election results. Political campaigns use their digital infrastructure to release information about their policies, accept donations, recruit volunteers and give updates on the campaign to increase supporters’ engagement.

5. Access to election information is essential to voter turnout and democracy.

Voting is a crucial tenet of our democratic system and regardless of circumstance, individuals should have access to the information necessary to exercise their rights without outside interference. At Cloudflare, our mission is to build a better Internet and part of that is ensuring that users have access to accurate, trusted information, in a safe environment. With many upcoming elections in 2020, it is important that we have confidence in the democratic processes and that starts with ensuring their website infrastructure and internal teams are secure against malicious efforts to take them offline and shake voter’s faith in democracy.

Cloudflare has made election security a priority, investing our time in the Athenian Project and Cloudflare for Campaigns as political campaigns and state and local government election websites are the first line of defense in election security. In 2016, it was reported by the Department of Homeland Security that state and local government election infrastructure in all 50 states were targeted during the Presidential election. Fast forward to 2020, we are protecting more than 170 state and local government election websites and providing services to 18 of the 32 U.S. Presidential campaigns.

Therefore, it seems fitting that we celebrate the Centennial anniversary of the Nineteenth Amendment and International Women’s Day, highlighting the achievement of women throughout history and the importance of voter confidence in the democratic institutions that many fought to participate and have their voices heard.

Working at Cloudflare has allowed me to learn how important access to information is to Internet users, and voters across the world, and I am proud to work for a company that supports strengthening democracy.

If you are interested in learning more about our election project, please visit cloudflare.com/athenian/ & cloudflare.com/campaigns/usa/.