DNS and the Cybersecurity Requirements for Lotteries

BlueCat

August 29, 2018

Lotteries fit into the same specialized cybersecurity category as banks, casinos and financial institutions.  All four deal with tremendous amounts of money, and with that comes the need for complex layers of cyber protection.  Lotteries offer a few interesting twists, however, which set them apart. 

The major difference between lotteries and other financial institutions is that they run a relatively lean organization – one where just a handful of people handle operations, sometimes across multiple states and organizational boundaries. Where banks, casinos, and other financial organizations are highly regulated and require a great deal of attention to cybersecurity compliance, lotteries are largely self-policing. This low-personnel, high-trust environment creates a situation where insider threats are a significant concern – one which faces less public scrutiny than perhaps it should.

Lotteries also face the challenge of being part of larger state government networks – many of which were not designed to protect against the specific types of cyber threats which lotteries are likely to encounter. Where a cyberattack directed at a state government may be designed to exfiltrate sensitive information, a cyberattack directed at a lottery is more likely designed to alter data or infiltrate code which produces a desired outcome later in a workflow.

The use case for lottery cybersecurity is more like a SCADA or election system than that of a standard government agency.  Protecting a core system – one with few if any connections to the outside internet – is the primary job of any lottery cybersecurity team. 

The role of DNS in lottery security

A security approach which utilizes client-side DNS is uniquely suited to this set of specialized security requirements.  As the core of all network communication, DNS is a fundamental part of any cyberattack or insider threat activity.  By paying close attention to DNS, lottery officials can not only detect and prevent the movement of malicious software through the network, but do the same for those who would compromise lotteries from the inside.

Use of DNS for command and control is standard practice for most malware, including the advanced persistent threats which use lateral movement (underneath the firewall) to scan for vulnerabilities and desirable information.  DNS is the ultimate gauge of intent – by monitoring DNS information for anomalous patterns or suspicious connections, cybersecurity professionals can quickly locate the source of an attack and cut it off in real time.

The same is true for detecting internal threats to the integrity of lottery practices.  As outlined in the World Lottery Association’s Security Control Standard, lottery networks should be strictly partitioned, with access provided only on a “need to know” basis.  Monitoring (and recording) the actions of individuals on the network through DNS can instantly uncover attempts to cross those partitions and access information unlawfully.

It’s worth noting that standard firewalls and filters sit on the wrong part of the network to be of any use for lottery cybersecurity. Since most malicious activity would happen within a lottery network, filters and firewalls which only monitor outbound traffic are of little practical value. Even if they did detect a command and control signal from the outside, boundary-level controls would not be able to locate the source IP with any degree of confidence or regularity. This is why placement of DNS-based security is so important. Only a DNS security system that is client-facing can deliver the granular information needed to identify and mitigate the specialized security threats lotteries are likely to face.

Proactive vs. Reactive

Taking things a step further, DNS can be used to proactively limit the ability of outside actors to touch core lottery management systems.  A client-facing DNS security system can restrict queries to certain authorized users or devices, effectively reducing the attack surface available to threats from inside or outside the network. 
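The partition monitoring and per-client query restriction described above can be illustrated with a check over client-facing DNS query logs. This is an added example, not BlueCat's code or product behavior; the log format, subnets, partition names and zone names are constructed assumptions.

```python
import ipaddress

# Constructed policy (hypothetical subnets and zones): each network partition
# may resolve only names under the zones it has a "need to know" for.
PARTITION_POLICY = {
    "draw-systems": (ipaddress.ip_network("10.10.1.0/24"),
                     ("draw.lottery.example",)),
    "retail-ops": (ipaddress.ip_network("10.10.2.0/24"),
                   ("retail.lottery.example", "mail.lottery.example")),
}

# Constructed client-facing query log: timestamp, client IP, query name, type.
SAMPLE_LOG = """\
2024-01-15T09:00:01Z 10.10.2.15 pos-gw.retail.lottery.example A
2024-01-15T09:00:07Z 10.10.2.15 rng01.draw.lottery.example A
2024-01-15T09:01:12Z 10.10.1.4 rng01.draw.lottery.example A
2024-01-15T09:02:30Z 10.10.1.4 updates.vendor.example A
2024-01-15T09:03:44Z 10.10.9.8 audit.draw.lottery.example A
"""

def partition_of(client_ip):
    """Map a client IP to (partition name, allowed zones), or (None, ())."""
    addr = ipaddress.ip_address(client_ip)
    for name, (net, zones) in PARTITION_POLICY.items():
        if addr in net:
            return name, zones
    return None, ()

def in_zone(qname, zone):
    """Match on DNS label boundaries, so xdraw.* is not treated as draw.*."""
    qname, zone = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return qname == zone or qname.endswith("." + zone)

def evaluate(log_text):
    """Return (ts, client, partition, qname, reason) for each policy violation."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, _qtype = parts
        partition, zones = partition_of(client)
        if partition is None:
            reason = "unknown-client"      # device not assigned to any partition
        elif not any(in_zone(qname, z) for z in zones):
            reason = "outside-partition"   # lookup crosses a partition boundary
        else:
            continue
        findings.append((ts, client, partition, qname, reason))
    return findings

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_LOG):
        print(finding)
```

Because the log is taken at the client-facing resolver, each finding carries the originating client IP rather than the address of an upstream forwarder.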

The visibility and control offered by DNS security systems are ideally suited to the needs of lotteries, where high stakes, relatively small personnel footprints, and network architectures create a situation ripe for cyber exploitation.  With a significant need for both prevention and real-time remediation, DNS security deserves strong consideration in this unique use case.
