Stopping an Agency DDoS Attack Just Got Easier
In May, the Federal Communications Commission’s (FCC) comment system was hit with multiple Distributed Denial-of-Service (DDoS) attacks making it difficult for the public to access and file comments online.
In July 2016, the Library of Congress was attacked and many of it’s public-facing sites were knocked offline. Moreover, several online cyber vandalism groups have long targeted the federal government for DDoS attacks.
The federal government is also a big customer of Internet of Things (IoT) devices, which were the conduit for the Mirai botnet to use DDoS attacks to take down the Internet infrastructure firm Dyn in October. While these devices and the data they collect and transmit present enormous benefits to consumers, industry and federal agencies, the insecurity of many IoT devices presents challenges. Sometimes shipped with factory-set, hardcoded passwords and oftentimes unable to be updated or patched, IoT devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack.
In fact, today’s DDoS attacks are growing in size, frequency and complexity and no agency is immune from these threats. While DDoS attacks can cost businesses productivity and revenue, an attack on federal systems can disrupt its service to citizens or place undue risks onto the country’s national defense system.
This month, U.S. Senators Cory Gardner (R-CO) and Mark R. Warner (D-VA), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-WA) and Steve Daines (R-MT) introduced bipartisan legislation to improve the cybersecurity of Internet-connected devices. The Internet of Things Cybersecurity Improvement Act of 2017 would require that devices purchased by the U.S. government meet certain minimum-security requirements. Under the terms of the bill, vendors who supply the U.S. government with IoT devices would have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities, among other basic requirements.
Scrubbing-center mitigation techniques, alone, are not enough to manage today’s highly-sophisticated and distributed attacks. Federal agencies need to defend against a variety of attacks types by deploying a multi-layered security approach backed by threat research.
There are many ways agencies can stop a DDoS attack by:
- Identifying the attack early
- Overprovisioning bandwidth
- Defending the network perimeter
- Calling your ISP or hosting provider
- Creating a DDos playbook
- Calling a DDoS specialist
Sword & Shield Federal, a division of Sword & Shield Enterprise Security, Inc., now partners with companies that can provide a full range of proactive and reactive mitigation at a fixed-fee service. Sword & Shield Federal DDoS Mitigation Service powered by Level 3 includes a 24 X 7 incident response team that can quickly provide the first level of mitigation and a scalable, cloud-based solution. Agencies can leverage this solution as-needed for any kind of DDoS attack. The features of this solution include:
- Resistant Router Network This network has already been configured to prevent IP-directed broadcast, Proxy ARPs, and IP redirects, thereby making it more resistant to DDoS attacks. The service monitors production networks for all security anomalies, including DDoS attacks, and takes immediate action when such an attack is identified.
- Deployment of DDoS Tracking System The DDoS Tracking system that can trace attacks involving forged source addresses. Due to the nature of DDoS attacks, the tracing activity involves a significant amount of coordination with other ISPs.
It’s no longer a matter of if a DDoS attack will hit your agency’s infrastructure, but when an attack will happen. Let us help your agency fight off these impending attacks.
Call us at 800-860-0075 or email us at firstname.lastname@example.org to see how we can be your industry partner for a secure future.