EI-ISAC Cybersecurity Spotlight – Denial of Service (DoS) Attacks
What it is
A denial of service attack (DoS) is a cyber attack that originates from a singular source and seeks to disrupt the availability of a system or service. Typically, these attacks target webservers in order to overwhelm the webserver’s Internet connection or its ability to respond to user requests. If the attacker can send more requests than permitted by the system, the webserver or Internet connection will be too busy to respond to additional requests, resulting in a “denial of service” to legitimate users until the number of requests returns to normal levels. To increase effectiveness, attackers may use multiple source computers in a distributed denial of service (DDoS) attack. Of note, computers participating in a DDoS attack may be infected with malware that conducts the attack, which means they are also victims of malicious activity.
Why does it matter
Attacks like this could be the result of a politically motivated actor targeting the elections infrastructure or elections infrastructure may be indirectly impacted by targeting against other state/county/city infrastructure. DoS attacks can also be accidental if a large number of users attempt to access a website at the same time. A well-timed DoS attack near a candidate filing or voter registration deadline could prevent the public from accessing online services and/or websites, resulting in a candidate or voter missing the deadline.
DoS attacks could affect the public’s perception of the integrity of U.S. elections infrastructure. For example, in 2012 and 2013 DoS attacks targeted several major banks. Although the banking infrastructure was not affected, citizens were concerned because they could not reach their bank’s website and the attacks received national and international news coverage.
What you can do
Preventative services such as those provided at no-cost by Cloudflare and Google will mitigate instances of these attacks. More information on these types of attacks and how to respond is available in our Guide to DDoS Attacks.
The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact firstname.lastname@example.org.