Degraded Performance during SNS-1 Decentralization Sale Incident Retrospective - Tuesday, November 29, 2022

Regardless of whether or not the SNS sale is attached to the NNS (it probably shouldn’t be), the focus should be to expand the capacity of the network (and subnets) to be able to handle a large enough # of txn/s for any reasonable event, including against a potential DDOS attack of the NNS.

@icme raises a red flag here - if I were to stage an attack on the NNS, I’d upload a malicious wasm, get a few whale bad actors on board, vote (pass 3% voting threshold), and attempt to DDOS the NNS to block any votes going through afterwards until the replica/canister upgrade is made.

Maybe a bit more manageable of an attack would be to wait until a few hours before a less controversial proposal ends but named neurons haven’t voted yet (DFINITY, ICPMN, etc.) and then DDOS the NNS for just a few hours to prevent votes from being cast.

I don’t know how reasonable/manageable this is, but it might also make sense to try to decouple the ICP ledger from the NNS. It’s concerning that an attack (intentional or not) on the NNS halts IC-wide transactions (unless that’s by design 🤔).

3 Likes