Protect Your Website
An election office’s website may perform a variety of key functions like facilitating voter registration, mail-in or absentee ballot requests and tracking, polling place lookup, and serving as a trusted source of information about election processes and security in its jurisdiction. Malicious actors may seek to deface election office websites, prevent access to them via distributed denial-of-service (DDoS) incidents, or attempt to compromise them to gain unauthorized access to data. They may also attempt to spoof legitimate election websites by using similar-looking domains.
Threats to Websites and How to Protect Against Them
A denial-of-service (DoS) incident occurs when legitimate users are unable to access information systems, devices, or other network resources. A DoS occurrence is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS incidents can occur for non-malicious reasons (e.g., high volumes of legitimate internet traffic causing a website outage) or due to the actions of a cyber threat actor.
A DoS incident is categorized as a distributed denial-of-service (DDoS) attack when the overloading traffic originates from more than one machine, with multiple machines operating in concert. To carry out a DDoS attack, threat actors often leverage a botnet (a group of hijacked internet-connected devices) so that the traffic appears, from the targeted entity’s perspective, to come from many different sources.
Use these resources to mitigate DoS and DDoS incidents:
- Election Infrastructure Cybersecurity Readiness and Resilience Checklist - This checklist provides a series of questions to guide the decision-making necessary to prepare for potential cybersecurity incidents.
- PSA: Just So You Know: DDoS Attacks Could Hinder Access to Election Information, Would Not Prevent Voting - The FBI and CISA are issuing this announcement to raise awareness that DDoS attacks on election infrastructure, or adjacent infrastructure that supports election operations, could hinder public access to election information but would not impact the security or integrity of election processes.
- No Downtime in Elections: A Guide to Mitigating Risks of Denial-of-Service - This resource explains denial-of-service (DoS) incidents and how to mitigate the risks associated with them.
- CISA's Web Application Scanning - This service assesses the "health" of your publicly accessible web applications by checking for known vulnerabilities and weak configurations.
- Free DDOS Protection Services - A full list of services is available in “Category 3: DDOS, Step 2” of the cybersecurity toolkit.
Cyber actors set up spoofed domains with slightly altered characteristics of legitimate domains. A spoofed domain may feature an alternate spelling of a word (“electon” instead of “election”), or use an alternative top-level domain, such as a “[.]com” or “[.]net” version of a legitimate “[.]gov” website. Spoofed domains are leveraged by foreign actors and cybercriminals and can be easily mistaken for legitimate websites. Adversaries can use spoofed domains to disseminate false information; gather usernames, passwords, email addresses, or other personally identifiable information from site viewers; and spread malware, leading to further compromises.
Use these resources to mitigate website spoofing:
- .Gov Domain - Transition official government domains to a top-level .gov domain. This makes it easy to identify governments on the internet, and using a .gov domain shows you’re official.
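The two look-alike patterns described above (an alternate spelling such as “electon”, or a “[.]com” or “[.]net” version of a “[.]gov” site) can be checked mechanically against a list of observed domain names. The following Python is an added example, not part of the original guidance; the official domain, the observed names, and the function names are all constructed for illustration.

```python
# Added example; every domain name below is constructed for illustration.
OFFICIAL = "examplecountyelection.gov"   # hypothetical official domain
OBSERVED = [                             # constructed sample of observed names
    "examplecountyelection.gov", "vote.examplecountyelection.gov",
    "examplecountyelecton[.]gov", "examplecountyeleciton[.]org",
    "examplecountyelection[.]com", "www.examplecountyelection[.]net",
    "weather.example",
]

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain):
    """Return (name, tld) from the last two labels, after undoing "[.]" defanging.
    Simplification: multi-label public suffixes such as co.uk are not handled."""
    labels = domain.lower().replace("[.]", ".").rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def classify(candidate, official=OFFICIAL, max_distance=2):
    """Return a reason string for a look-alike, or None otherwise."""
    name, tld = split_domain(candidate)
    off_name, off_tld = split_domain(official)
    if (name, tld) == (off_name, off_tld):
        return None                      # the official domain or one of its subdomains
    if name == off_name:
        return f"alternate TLD .{tld} (official is .{off_tld})"
    dist = edit_distance(name, off_name)
    if dist <= max_distance:
        return f"alternate spelling, edit distance {dist}"
    return None

def find_lookalikes(observed, official=OFFICIAL):
    """Map each flagged domain to the reason it was flagged."""
    reasons = ((d, classify(d, official)) for d in observed)
    return {d: r for d, r in reasons if r}

if __name__ == "__main__":
    for domain, reason in find_lookalikes(OBSERVED).items():
        print(f"{domain}: {reason}")
```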