“So how concerned should this incident make campaigns and how can they best protect their digital assets ahead of Election Day? C&E asked Gabe Hammersmith, the CTO of Revolution Messaging, to put it in perspective.
C&E: Should campaigns be worried by the Dyn DNS attack?
Hammersmith: Yes. But only so much as they worry about other catastrophic events beyond their control, like natural disasters or terrorist attacks.
C&E: Can campaigns take any lessons from Bruce Schneier’s warning that some person or group is learning to take the internet offline?
Hammersmith: Friday’s attack on Dyn could be considered a proof-of-concept for Bruce Schneier’s warnings. It was absolutely massive, truly historic in size and scope, but still a long way from taking the internet offline.
So far we haven’t seen any evidence to suggest that any evil doers have both the resources and the desire to successfully pull off such a caper, but these events should serve as a reminder to campaigns that our data in “the cloud” isn’t as omnipresent as we’d like to think. Campaigns should work with an IT professional to map out a disaster recovery plan, and that plan should explore questions such as, “what do we do if the internet is out for an hour, or a day, or a week?”
C&E: What can campaigns do to protect themselves?
Hammersmith: For protection from garden variety DDoS attacks, the best thing a campaign can do is utilize a vendor who provides DDoS protection services. For larger events such as Friday’s attack (where a DDoS protection vendor was targeted), a campaign can retain the services of an IT professional who has a deep understanding of internet services, infrastructure, and routing. This individual would be able to use that knowledge to quickly react to new and unprecedented threats and outages, and minimize the collateral effects to the campaign.”