Cyber Incident Victim: Knox County

On May 1, 2018, during local elections in Knox County, Tennessee, the county’s Election Commission website experienced a distributed denial-of-service (DDoS) attack that rendered it inaccessible to the public. The attack coincided with the display of primary election results for the county mayoral race, causing the site to go offline on Tuesday evening. Knox County officials confirmed via Twitter that their web servers had suffered a "successful denial of service attack" but clarified that election results remained unaffected because voting machines were never connected to the internet. The county’s IT Department detected "extremely heavy and abnormal network traffic" consistent with a DDoS, with originating IP addresses traced to both domestic and international locations. IT Director Dick Moran emphasized the attack aimed to disrupt server availability rather than infiltrate systems.

To maintain transparency during the outage, Knox County distributed printed election results to the public. The following day, Mayor Tim Burchett issued a statement reaffirming that the attack did not compromise vote tallies or election integrity, though he acknowledged the disruption was unacceptable and warranted investigation. The county contracted Knoxville-based cybersecurity firm Sword & Shield Enterprise Security to conduct an independent analysis of the incident and determine the attack’s exact nature. Burchett publicly disputed external claims questioning his office’s assessment of election security, reiterating that the isolated design of the voting system—air-gapped from the internet—prevented any risk to vote integrity. The compromised website solely displayed results and did not receive or tabulate votes. Homeland Security was engaged due to its role in national election security initiatives, though no further details about federal involvement were disclosed in initial reports.