U.S. Election Authorities Brace for Cyber Attacks Amid Voting Season

As the 2024 U.S. election approaches, both the FBI and CISA are raising alarms about potential Distributed Denial of Service (DDoS) attacks targeting election-related infrastructure. These attacks, typically employed by hacktivists and cybercriminals, aim to disrupt public access to election information by overwhelming websites with excessive traffic. According to the FBI and CISA, "In the past, cyber actors have falsely claimed DDoS attacks have compromised the integrity of voting systems to mislead the public that their attack would prevent a voter from casting a ballot or change votes already cast." The agencies also observed, "In recent years, DDoS attacks have been a popular tactic used by hacktivists and cybercriminals seeking to advance a social, political, or ideological cause."

The main concern highlighted by the agencies is the potential disruption to public-facing, internet-accessible services like voter registration and access to polling information, rather than the voting process itself. Cait Conley, a senior advisor at CISA as reported by The Record, emphasized that while these attacks might cause temporary disruptions, "They may cause some minor disruptions or prevent the public from receiving timely information." It is crucial for voters to understand that these disruptions do not reflect the security or integrity of the voting process itself. Both agencies have stressed, "The FBI and CISA have no reporting to suggest a DDoS attack has ever prevented an eligible voter from casting a ballot, compromised the integrity of any ballots cast, or disrupted the ability to tabulate votes or transmit election results in a timely manner."

To combat misinformation and ensure voter confidence, the FBI and CISA are working closely with federal, state, and local election partners. They advise voters to rely on official sources for accurate election information and have plans in place to manage and mitigate any impact from DDoS attacks effectively. This proactive approach includes educating the public about the nature of these attacks and reinforcing that they have no effect on the actual casting or counting of votes. As part of their ongoing efforts to secure the electoral process, these agencies continue to monitor cyber threats and are prepared to respond to any incidents that may arise.