The CIA Triad is a comprehensive framework for building secure and resilient systems. Availability, confidentiality, and integrity are the three core principles that build the CIA Triad. A failure in any core aspect can undermine the overall security posture and lead to operational, financial, or reputational damage. Availability ensures authorized users have reliable access to information and systems when needed. An “attack on availability” might lead to downtime for a system or resource, resulting in significant harm and losses. Some common techniques to attack the availability of a system or resource include Distributed Denial of Service (DDoS) attacks, ransomware attacks, SYN flood attacks, ping of death, zero-day exploits, and resource exhaustion attacks.  

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an announcement on July 31, 2024, to raise awareness about the threat of Distributed Denial of Service (DDoS) attacks on election infrastructure or adjacent infrastructure that support election operations. They warned that it could hinder public access to election information and disrupt the availability of some election-related functions, like voter look-up tools or unofficial election night reporting, during the election cycle. The announcement explains that DDoS attacks occur when malicious cyber actors flood a public-facing, internet-accessible server with requests, rendering the targeted server slow or inaccessible. This temporarily prevents legitimate users from accessing online information or resources, such as web pages and online services, and may disrupt business activities for a period of time. Specific to elections, DDoS attacks targeting election infrastructure could prevent a voter from accessing websites containing information about where and how to vote, online election services like voter registration, or unofficial election results. An interesting point and broader implication is that threat actors may falsely claim that DDoS attacks are indicative of a compromise related to the elections process as they seek to undermine confidence in U.S. elections. Election officials have multiple safeguards, backup processes, and incident response plans to limit the impact of and recover from a DDoS incident with minimal disruption to election operations. (Internet Crime Complaint Center (IC3) | DDOS Attacks: Could Hinder Access to Election Information, Would Not Prevent Voting, 2024)

Resource:

Internet Crime Complaint Center (IC3) | DDOS attacks: Could hinder access to election information, would not prevent voting. (2024, July 31). https://www.ic3.gov/PSA/2024/PSA240731