Government

CISA Releases Guidance on Adopting DDoS Mitigations

CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.

CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations.

DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible.

Meant to help federal agencies prevent “large-scale volumetric attacks against web services”, CISA’s new guidance (PDF) shares details on prioritizing DDoS mitigations depending on mission and reputational impact, and describes various DDoS mitigation services to help agencies make informed procurement decisions.

The guide, however, only focuses on DDoS attacks targeting websites and related web services, which are meant to deny user access to them.

According to CISA, before deciding which type of DDoS mitigation to adopt, federal agencies should make an inventory of agency-owned or -operated web services, and then analyze the impact a DDoS attack would have against those services.

For that, CISA proposes five categories of impact and encourages federal agencies to assign a score in each of them: impact on public transactions, impact on public access to information, impact on government and industry partnerships, impact on the agency’s day-to-day activities, and reputational impact.

Next, each agency should assess the importance, or weight, of each impact category, based on mission and risk tolerance.

“Agencies that depend on public perception for the successful execution of their mission may choose to give more weight to scores in the reputational impact category, whereas agencies that are reliant on partnership with scientific or academic organizations may choose to weight the government and industry partnerships category more heavily,” CISA explains.

Advertisement. Scroll to continue reading.

After calculating the impact score for each of their web services, federal agencies should create a ranked list of DDoS attacks and, based on that, prioritize the implementation of specific DDoS mitigations.

When considering the adoption of mitigations against DDoS attacks, federal agencies should look at content delivery networks (CDNs), internet service providers (ISPs) and upstream providers, and cloud service provider hosted services.

“CDN mitigations provide the highest degree of protections. Both ISP and CSP are sufficient if service providers can provide the proper compute and bandwidth resources. On-premises solutions are highly unlikely to provide sufficient compute and bandwidth due to its inability to scale; CDN solutions are highly advised,” CISA notes.

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation

Related: CISA Releases Cyber Defense Plan to Reduce RMM Software Risks

Related: CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

Related Content

Vulnerabilities

CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes.

Vulnerabilities

CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure.

ICS/OT

Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems.

Artificial Intelligence

New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy.

Government

New US guidance details foreign malign influence operations to help election infrastructure stakeholders increase resilience.

Artificial Intelligence

Five Eyes cybersecurity agencies have released joint guidance on securely deploying and operating AI systems. 

Data Breaches

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies."

Data Breaches

The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics...

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version