In 2017, Homeland Security has as much to do with securing digital borders as it does geographical ones. One push the DHS is leading to make cyberspace safe for Americans is the DDoSD project.
The first four letters — DDoS — should be familiar enough by now. We’ve numerous distributed denial-of-service attacks in the recent past, with targets ranging from African wireless carriers to cybercrime bloggers to one of the largest DNS providers in the world.
It’s the last letter in DDoSD that makes all the difference. That D stands for defense, and the Department of Homeland Security’s Cyber Security Division (CSD) is funding multiple systems that have the potential to stem the rising tide of DDoS attacks.
In a post published last week, the DHS stated that its goal is to “build effective and easily implemented network defenses and promote adoption of best practices by the private sector.” With the right tools and the public’s cooperation, the DHS hopes “to bring about an end to the scourge of DDoS attacks.”
The DHS post points to a best practices document that was shared by The Internet Society way back in the year 2000. That document describes “a simple, effective, and straightforward method for using[…]traffic filtering to prohibit DoS attacks.” It’s a good starting point, but the DHS post notes that no one defense system can repel every attack.
That’s why the DHS has multiple teams working on multiple solutions. One is a peer-to-peer system that would allow Internet providers around the globe to collaborate on the automated detection and mitigation of DDoS attacks. Others are focused on neutralizing high-powered attacks.
There’s still work to do, but it’s great to see the DHS leading a coordinated effort because something needs to be done. Last year, DDoS protection provider Imperva Incapsula reported helping its customers fend off an average of 445 attacks every week. Their intensity increased dramatically, too, up from around 200Gbps in 2015 to 470Gbps in 2016.
Add in a report from Verizon that named the three biggest targets of DDoS attacks as cloud and IT service providers (49% of all attacks), the public sector (32%), and banks (9%), and it becomes very clear why we need the DDoSD project to succeed.
Source: SANS ISC SecNewsFeed @ February 20, 2017 at 10:09AM