Update: Tuesday, November 8th, 2016 7:00pm EST

Polls are starting to close and every indication points to no election day disruption due to DDoS attacks on DNS providers.

electionDNS_700

We did observe that some of the states saw increased traffic that potentially impacted end users.

Nevada

Nevada Elections tweeted about the issue.

nevada_tweet

Update: Tuesday, November 8th, 2016 3:30pm EST

Late afternoon shows no widespread issues impacting battleground state electoral sites.  Some slow downs in individual state sites are occurring but this looks like the result of performance degradation due to increased load, see below what state election officials needed to prepare for before the election.

election_3pm

Update: Tuesday, November 8th, 2016 12:00pm EST

No signs of DNS based DDoS cyberattacks or cyber-interruptions with battleground state election websites.  Our team will continue to monitor things as the day progresses.

electionDNS_noon

Update: Tuesday, November 8th, 2016 9:30am EST

Having a deeper look at the candidate’s websites over the past 48 hours.  Both candidates sites have made last minute changes that we can see by the changes in response times and amount of data and objects being delivered.  As with all things web performance related, changing content can impact end user experience.

Hillary Clinton (https://www.hillaryclinton.com)

Clinton_am

Donald Trump (https://www.donaldjtrump.com)

trump_am

Update: Tuesday, November 8th, 2016 9am EST

Here is a dashboard we are using to track battleground state and candidate websites over the past 48 hours.  Interesting activity on both candidate sites as they make last minute content changes on the eve of the election.  Will update some detail on that shortly.

electionday_am

Update: Tuesday, November 8th, 2016 8am EST

Morning of election day, here is the performance of the key battleground state election sites for the past 36 hours.  Some state election sites are providing more consistent performance than others.  We will update this throughout the day.

states_745

Update: Monday, November 7th, 2016 10pm EST

As we watch the state level electoral sites here are some of the ways we use Synthetic Monitoring (proactive software robots) to provide validation that the websites are not being impacted by a malicious actor.  In some types of attacks a malicious party could try to redirect end users from a legitimate site to a false site.  In situations like this there are a number of techniques which can be used to proactively validate that a site is responding the way that it is supposed to.

The most direct way to do this is to apply a validation rule.  Below is an example where a string (series of characters) has to be seen every time that site is loaded.  In addition to make sure that the validation string is correct, you can ad a locator rule which means that the string is only valid if it is found on a certain part of the page.

validation

Another way to validate the page is being delivered as it is expected, is to proactively monitor Key Delivery Indicators like the number of bytes, objects, connections and hosts.   Often when a malicious actor takes over a site they change the expected content seen by end users.  This can be seen in changes in the number of bytes, objects, hosts, etc… being delivered.  For example every time I load this page, 1MB of data is transferred, if we don’t see that amount of data something is amiss and alert us to that.

byte_count

There is a caveat here, highly dynamic sites will have constant changes in these values.  In those situations you will want to rely on validation strings over this approach.

Update: Monday, November 8th, 2016 1pm EST

We are 24 hours away from the end to the 2016 Election Cycle, and as a historic campaign comes to a close all eyes turn toward the “battleground” states. With fears of cyber attack being discussed in the media I decided to place some synthetic monitoring on the main election pages for each of the battleground states. These pages are used by state voters to locate their designated polling place and obtain instructions on voting procedures. The monitoring is done by software robots from locations all across the United States.

Cyber attack

The idea is to look for indicators that a cyber attack like the Friday Oct 21st DDoS attack was underway.  That cyber attack focused on attacking DNS (Domain Name Service) providers.  DNS can be simply described as an internet phone book, mapping site names to IP addresses.  Attacking DNS providers is like burning all the phone books for the phone company or deleting all your contacts in your address book, the internet still functions but trying to get to site becomes difficult or impossible.

Below you can see the DNS performance of each battleground state for the past 24 hours.  This is one of the ways I will be monitoring for potential cyber-disruption during election day.

DNS

Digital Preparedness

In addition to monitoring for cyber-disruptions I will also be looking at digital preparedness for each battleground state election site.  In this analysis we will be looking at how fast the state election sites can respond to a request from and end user.  The specific metric we look at is W3C Request time. This is a marker which indicates when the first byte/packet of data for a request is seen by the end user’s browser.  You can think of this as application/server think time, we want to know if the websites servers and applications slow down when under heavy load.

Below is a view of that W3C Request/First Byte Time of each battleground state website.

request

There are industry-proven strategies for ensuring digital preparedness that state websites should look to when developing applications to serve their voters.  The applications supporting these websites can be very complex and understanding this complexity is the key to ensuring digital preparedness.  Below is an example of the dependencies seen in an application supporting a website.  You can see that even relatively simple site can have substantial complexity which needs to be managed to ensure satisfactory end user experience.

smart

If a state’s election website is not digitally prepared and the site slows down or fails under extreme loads on election day, voters will be unable to know where to go to vote.

State Digital Performance Results

The final aspect I will look at is the digital performance results for each battleground state site.  I will measure how long it takes a page to be “interactive”, the point where a voter could start looking for where their polling site is.

DOM

While DNS and W3C/Request all impact end user (voter) experience there are other indicators to look at.  I will watch indicators like…

  • Byte count (Page Weight), this is how much data gets transferred when a page is loaded.
  • Object and Connections, this is how complex a page is
  • Hosts, this is the number of third parties being used like social media, trackers, ads, etc…

Below you can see that some of the state elections sites are very simple pages where other are more complex.

KDI

Things to look for

Digital Transformation is not limited to the retail and financial industry.  Every aspect of our lives are being touched by Digital Transformation. Voters from across the US will be accessing their local state sites to find out where and when to vote.  This is just the beginning of how important digital transformation will be to the election process.

map

I will be looking at other indicators of how effective each battleground state’s election site are, and how they have embraced digital transformation.  Check back here for updates over the next 36 hours.