Following attacks on political party websites, this guidance provides a summary of 5 practical steps that your organisation can take to help it prepare to respond in the event of a Denial of Service (DoS) attack.
Over recent years, there have been reports from several countries of cyber attacks, using a variety of techniques, timed to coincide with elections around the world. This includes attacks to disrupt the websites of political parties and electoral authorities. The NCSC is aware of denial of service attacks on UK political party websites in the run-up to the 2019 General Election.
It is not possible to fully mitigate the risk of a denial of service attack affecting a service, but there are some practical steps that organisations can take to help them prepare their response, in the event that their website is subjected to an attack.
DoS and Distributed Denial of Service (DDoS) attacks can be concerning for many organisations. They are comparatively cheap and easy for attackers to run, and can therefore be launched by hacktivists, organised criminals and high-capability attackers. Such attacks can prevent legitimate users from accessing services for a considerable period of time.
Failing to plan for DoS attacks can make business continuity and recovering from an attack more expensive, and less certain. Good planning for DoS attacks can help to improve the resilience of your website and lower the cost and potential impact of such an attack. This preparation is summarised below, with links to the full guidance:
Understand your service
Understand what websites and services you have and prioritise what matters. Then understand where your service or website resources can be overloaded or exhausted. Determine whether you, or a supplier, are responsible for each. Read the guidance.
Ensure you know who provides which of your services (for example hosting, content, ISP) and that your service providers are ready to deal with resource exhaustion in places where they are uniquely placed to help. If your service has an interface with the public, consider deploying a Content Delivery Network (CDN), which can absorb large amounts of traffic, as usually seen in a DDoS attack. Read the guidance.
Ensure your service can scale to deal with surges in concurrent sessions (for example a very large number of simultaneous connections to a webpage). Read the guidance.
You should design your service, and plan your response to an attack, so that the service can continue to operate, albeit in a degraded fashion. Read the guidance.
Testing and monitoring
Gain confidence in your defences by testing them, and gain confidence you’ll notice when attacks start by having the right tooling in place. Also make sure you know what any ‘attack protection’ options from your providers will do and what impact they’ll have on your service. Read the guidance.
You should also have a communications plan in place. As a minimum, consider how you would brief the key people within your organisation and ensure they are prepared to react appropriately, decide how you will inform your users and what to say in the event of disruption to your service, and prepare lines for any press enquiries.
If your service alerts you to a DoS attempt, whilst this might cause alarm, it is reassuring to know that your DoS protection system appears to be working well and helping to reduce the impact of an attack. Do not panic and make unnecessary changes unless the attack is having an actual impact on your system.
The NCSC’s full guidance on understanding, preparing and handling DoS attacks can be found here.