CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the integrity or security of the 2024 U.S. general election processes.
While threat actors have falsely claimed in the past that DDoS attacks compromised voting systems, the FBI and CISA are yet to find any evidence of such attacks disrupting election results, preventing voters from casting ballots, or disrupting the authorities’ ability to transmit election results.
“These low-level attacks, which are expected to continue as we approach the 2024 U.S. general election, could disrupt the availability of some election-related functions, like voter look-up tools or unofficial election night reporting, during the election cycle but will not impact voting itself,” a joint public service announcement published today reads.
“Threat actors may falsely claim that DDoS attacks are indicative of a compromise related to the elections process as they seek to undermine confidence in U.S. elections.
“In recent years, DDoS attacks have been a popular tactic used by hacktivists and cyber criminals seeking to advance a social, political, or ideological cause.”
As the two federal agencies said, even if cybercriminals or state-sponsored actors launch DDoS attacks against election infrastructure or adjacent infrastructure that supports the election procedures, the core data and internal systems will remain secure, while all eligible voters will still be able to cast their ballots.
The FBI and CISA recommend that voters obtain information from official sources, such as state and local election officials, regarding voter registration, polling locations, mail-in voting, and election results. If the official website for their election office is inaccessible, they should contact state or local election officials.
Voters are encouraged to report suspicious or criminal activity, like DDoS attacks, targeting election systems to their local FBI field office by calling 1-800-CALL-FBI or online at ic3.gov.
The FBI is in charge of investigating and prosecuting election crimes, hostile foreign influence operations, and malicious cyber activity targeting election infrastructure, while CISA, as the Sector Risk Management Agency for Election Infrastructure, helps secure election infrastructure from physical and cyber threats.
“With Election Day less than 100 days away, it is important to help put into context some of the incidents the American public may see during the election cycle that, while potentially causing some minor disruptions, will not fundamentally impact the security or integrity of the democratic process,” said CISA Senior Advisor Cait Conley.
“DDoS attacks are one example of a tactic that we have seen used against election infrastructure in the past and will likely see again in the future, but they will NOT affect the security or integrity of the actual election.”
The FBI and CISA issued a similar PSA in October 2022, saying that “cyber activity” attempting to compromise election infrastructure is unlikely to prevent voting or cause massive disruption.