Election Ecosystems, How The Two U.S. Political Parties Stack Up

We are about one week away from the U.S. election and a lot is at stake for both parties. While the political pundits are focused on polling numbers and predictions, at Cyberpion we are focused on the vulnerabilities that exist within an organization’s online ecosystem. For a refresher on what an online ecosystem is, see this blog post: What Is An Online Ecosystem?

As we continue to track various hacking campaigns throughout the internet, there is a growing trend that is very relevant for this election cycle: the rise in attacks and vulnerabilities in the ecosystems of state, local, and federal government organizations. While it would be irresponsible for us to post those vulnerabilities in a public forum, we still want to illustrate our point that government-operated ecosystems are as at-risk as any other organization.

In this post I will walk through the ecosystems of the two major U.S. political parties as examples of government-related ecosystems and provide some insights into their nature, scale and scope that are produced by our Ecosystem Security platform.

Democrats vs. Republicans

We applied the Cyberpion Ecosystem Security platform to the primary domains of each of the parties and their presidential candidates’ main site to learn about their ecosystem. We limited the analysis to a single scanning pass on each ecosystem. This type of limited analysis provides cursory information about an organization’s ecosystem. Full and continuous scans would likely enhance and improve the accuracy of these results. Additionally, to avoid exposure of sensitive information we are reporting only surface level data.

Ecosystems

Republicans

The Republican party maintains the .GOP top-level domain (TLD), but most of its assets operate under a range of other TLDs.

The assets within the Republican party ecosystem are more compartmentalized and have lower connectivity. (11.4 connections per asset)

In general, the Republican party relies on a low number of external infrastructures in every category: Web, Cloud, DNS and PKI.

In the Cloud, the Republican party relies mainly on Amazon’s AWS public cloud infrastructure and utilizes multiple CDN and web firewalls to improve performance and security.

Democrats

The Democratic party maintains fewer top-level domains but utilizes more active sub-domains.

The ecosystem of the Democratic party contains significantly more connections to external third parties and assets. (28.3 connections per asset)

The Democratic party assets rely on a variety of external infrastructures and third parties, significantly more than the Republicans.

In the Cloud, the Democratic party leverages multiple public cloud providers including Amazon’s AWS and Google, and utilizes a CDN and web firewall provider to improve performance and security.

Key Findings:

44%

of their assets are hosted on public cloud infrastructures

20%

of assets are vulnerable or have risky connections

8%

of their login pages are misconfigured

Key Findings:

47%

of their assets are hosted on public cloud infrastructures

20%

of assets are vulnerable or have risky connections

20%

of their login pages are misconfigured

Conclusion: The Democratic Party’s Online Ecosystem Is Larger And More Diverse

Next, let’s explore the implications of these two ecosystems

Ecosystem Risks

The Larger the Ecosystem, the Higher the Risks (Maybe)

Having a larger ecosystem and leveraging more external third parties and assets does not always imply that these assets are more vulnerable. However, in our scans of customer ecosystems we do see a strong correlation. The larger the ecosystem, the more difficult it is to discover, maintain and secure.

In our analysis of the ecosystems of both parties, the external infrastructures that are connected to the assets of the Democrats do exhibit more severe misconfiguration issues, compared to Republican assets. These misconfiguration issues appear to be exploitable.

It is important to note that not every external infrastructure misconfiguration is critical to the security of the organization. However, when we narrow our analysis to just critical connections – those that if compromised would expose the organization to a higher risk, the ratio of good to bad configurations holds true for both organizations. Since the Democrats maintain a larger ecosystem, they have a larger number of critical misconfigurations.

Additionally, when we examine our historical logs from the last 12 months, we identified one attack via a third-party infrastructure in which an asset of the Democratic party was adversely affected. The issue is now fixed.

Conclusion: Having more connections and more severe vulnerabilities means that the Democrats face a higher risk of being compromised.

Unknown Asset Discovery

Beyond detection of security issues, Cyberpion can detect assets that are likely unknown to the IT and Security teams of our customers. This is primarily based on an ecosystem hygiene analysis. The platform can determine the difference between what an organization and its security team are actively managing versus assets that appear to have been forgotten or abandoned.

Both Parties Have Work to Do

Our recommendation is that both organizations need to be better at maintaining the hygiene of their ecosystems. Both have misconfigured assets that can lead to abuse, embarrassment and ironically, run afoul of government regulation issues.

While the Republican party has security problems of lower severity, this hygiene analysis is about the number of assets belonging to the organization that are probably unknown to the IT or security team. In this context, the winner is… the Democratic party: it has a lower number (total and %) of assets that suffer from basic misconfiguration issues and the number of indications for forgotten and abandoned assets is lower.

Conclusion: Maintaining good ecosystem hygiene is a continuous process for both parties, and for all organizations. At any given time, an organization can lose track of an asset that could be leveraged against them

Overall Conclusion

No matter how visible an organization is in the public spotlight, whether it’s in the heat of a hotly contested election cycle or going about its day-to-day business, the potential risks within their online ecosystems do not go away. Only a consistent and methodical approach to discovering and managing their ecosystem is the best path to a winning cybersecurity posture.