The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations.
DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible.
Meant to help federal agencies prevent “large-scale volumetric attacks against web services”, CISA’s new guidance (PDF) shares details on prioritizing DDoS mitigations depending on mission and reputational impact, and describes various DDoS mitigation services to help agencies make informed procurement decisions.
The guide, however, only focuses on DDoS attacks targeting websites and related web services, which are meant to deny user access to them.
According to CISA, before deciding which type of DDoS mitigation to adopt, federal agencies should make an inventory of agency-owned or -operated web services, and then analyze the impact a DDoS attack would have against those services.
For that, CISA proposes five categories of impact and encourages federal agencies to assign a score in each of them: impact on public transactions, impact on public access to information, impact on government and industry partnerships, impact on the agency’s day-to-day activities, and reputational impact.
Next, each agency should assess the importance, or weight, of each impact category, based on mission and risk tolerance.
“Agencies that depend on public perception for the successful execution of their mission may choose to give more weight to scores in the reputational impact category, whereas agencies that are reliant on partnership with scientific or academic organizations may choose to weight the government and industry partnerships category more heavily,” CISA explains.
After calculating the impact score for each of their web services, federal agencies should create a ranked list of DDoS attacks and, based on that, prioritize the implementation of specific DDoS mitigations.
When considering the adoption of mitigations against DDoS attacks, federal agencies should look at content delivery networks (CDNs), internet service providers (ISPs) and upstream providers, and cloud service provider hosted services.
“CDN mitigations provide the highest degree of protections. Both ISP and CSP are sufficient if service providers can provide the proper compute and bandwidth resources. On-premises solutions are highly unlikely to provide sufficient compute and bandwidth due to its inability to scale; CDN solutions are highly advised,” CISA notes.
Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation
Related: CISA Releases Cyber Defense Plan to Reduce RMM Software Risks
Related: CISA Unveils Cybersecurity Strategic Plan for Next 3 Years
More from Ionut Arghire
- European Telecommunications Standards Institute Discloses Data Breach
- Johnson Controls Ransomware Attack Could Impact DHS
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Silverfort Open Sources Lateral Movement Detection Tool
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
Latest News
- European Telecommunications Standards Institute Discloses Data Breach
- Number of Internet-Exposed ICS Drops Below 100,000: Report
- Johnson Controls Ransomware Attack Could Impact DHS
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- Silverfort Open Sources Lateral Movement Detection Tool
- Bankrupt IronNet Shuts Down Operations
