Sunday, March 9, 2008

Inaccessibility of Major Media Web Sites after Malaysia Election Announcement

We don't want to see this after the election. We want the hottest news from the major media websites after the election results are announced. However, with the sites like this, we as international readers are unable to get it. From an information security perspective, what this shows us is possibly one of the following:

1. A lack of business continuity planning for the media websites? Were there too many viewers for the servers to handle at one time?
2. Some hackers successfully brought down the servers?

To give some advice, here is some enlightenment.

Item 1:
Plan ahead. Since a web server can serve only a limited number of requests at a time, it is possible to anticipate or plan the maximum number of hits per server. A media website carries heavy audio and visual content, so each server serves fewer requests at a time, and the maximum number of readers a web server can serve is reduced proportionally. A server farm is one method of increasing the number of hits served at a time, and I believe the media have already put this in place. Other options are to deploy an HTTP accelerator to serve more requests; to deploy a cache server that separates static from dynamic content and answers a certain percentage of the requests itself, making the site more responsive; to buy more servers; to reduce heavy audio or visual content on certain websites; or to fail over to another web farm in the event that the first web farm is paralysed. To name a few.

Item 2:
Back up the whole content in the first place. Normally, when a website is hacked, the result is possibly one of the following:
1. The content of the website is changed or modified.
2. The server's services are down because scripts injected into the website prevent the server from starting, even after a restart.
3. The website's links are redirected to an external link.

When a hacker intends to hack a website, there are 3 elements involved behind the act: intention/motivation, opportunity and pressure. If the hacker has the intention, or is given money to do it, the first element is fulfilled. However, without opportunity he will not be able to do it. Even if there is opportunity and money to reward the hacker, there is no 100 percent certainty that he will do it, because the hacker knows that his act is illegal and that he will be heavily penalised once he is caught. Thus the last element, pressure, determines whether a hacker launches an attack, given that the first and second elements are in place.

We can't possibly prevent a hacker from launching such an attack, because it is nearly impossible to track down who the hacker is in a timely manner. By the time he is traced, the hacker has potentially already moved on to another location.

In this context, what we can do is deploy preventative measures such as an application firewall that allows only legitimate traffic to flow into the web server. When suspicious traffic arrives, such as scripts being injected into the website, the firewall is able to pick it up and block it. However, many times the script is embedded in a legitimate HTTP request and is tough for the firewall to block. This can be the case with cross-site scripting types of attacks. When prevention is impossible, the risk has to be mitigated by compensating controls, such as deploying file integrity solutions to detect any modification to the web content. If unauthorised changes are made to the web content, the solution is able to restore the original web content and maintain the site's operational status.
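A minimal sketch of the file integrity control described above, combined with the backup advice from Item 2. It is an added example, not part of the original post: it hashes a known-good backup, reports modified, removed and added files in the live web root, and restores from the backup. The function names, directory layout and sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Classify how the live web root differs from the trusted baseline."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "removed": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }


def restore(webroot: Path, backup: Path, quarantine: Path, report: dict) -> None:
    """Copy changed or missing files back from the backup; set unknown files aside."""
    for rel in report["modified"] + report["removed"]:
        (webroot / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, webroot / rel)
    quarantine.mkdir(parents=True, exist_ok=True)
    for rel in report["added"]:  # kept outside the web root for later analysis
        shutil.move(str(webroot / rel), str(quarantine / rel.replace("/", "_")))


def demo():
    """Constructed sample site: change it in three ways, detect each, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, webroot = Path(tmp, "backup"), Path(tmp, "webroot")
        (backup / "news").mkdir(parents=True)
        (backup / "index.html").write_text("<h1>Election results</h1>")
        (backup / "news" / "latest.html").write_text("<p>Counting continues</p>")
        baseline = snapshot(backup)       # hashes of the known-good copy
        shutil.copytree(backup, webroot)  # publish the site
        (webroot / "index.html").write_text("<h1>changed by someone else</h1>")
        (webroot / "news" / "latest.html").unlink()
        (webroot / "extra.js").write_text("// file nobody published")
        report = compare(baseline, snapshot(webroot))
        restore(webroot, backup, Path(tmp, "quarantine"), report)
        return report, snapshot(webroot) == baseline


if __name__ == "__main__":
    print(demo())
```

The baseline and the backup need to be stored off the web server, since anyone able to rewrite the content could also rewrite hashes kept beside it.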

1 comment:

angelinjones said...

In the last three election cycles, touch-screen machines have become one of the most mysterious and divisive elements in modern electoral politics. In hundreds of instances they unpredictably, and in extremely strange ways; voters report that their choices “flip” from one candidate to another before their eyes; machines crash or begin to count backward; votes simply vanish. Our Web site allows you to see election night results live, displayed nationally or by electoral district, major centre or province/territory. We also have quick links to each party leader's riding.
-----------------------------
jones
viral marketing
