Google on Thursday announced the public launch of Project Shield, an initiative aimed at protecting news sites from distributed denial of service (DDoS) attacks, for free.
While Project Shield is not a new effort, since it has been around since 2013, only testers had access to it until now. Since the original announcement three years ago, the initiative has offered protection to a series of small websites publishing news about oppressive regimes, as Google wanted to test its ability to keep them safe from cyber-attacks and DDoS assaults.
With the testing phase concluded, Google has decided to allow other small news sites take advantage of Project Shield and serve their content through Google’s infrastructure without having to move their hosting location. According to the Internet giant, the initiative is now open to all the world’s news sites looking for protection from DDoS attacks.
Google’s new attempt to eliminate DDoS as a form of censorship is part of the company’s ongoing effort to support free expression and access to information, and is intended to ensure that journalism is not silenced when it’s needed most. Not only is the service offered for free, but the search-engine giant is looking to protect human rights websites and elections monitoring content as well.
Jared Cohen, President, Jigsaw, and Advisor to Executive Chairman, Alphabet Inc., explains in a blog post that Project Shield’s testing period allowed Google learn more on how DDoS attacks happen and on how to improve its services to defend against them. However, the company notes on the initiative’s website that there’s no guarantee on uptime or protection levels, although the infrastructure is designed to defend itself and the free protection extends to third-party websites as well.
Websites serving news, human rights or elections-related content are encouraged to apply for the service directly on the Project Shield website. Once they have been approved, they will receive an invitation to join Project Shield, along with instructions on how to configure their website for the DDoS mitigation, a process that should take only a few minutes for webmasters with admin privileges and basic technical knowledge.
Qualifying websites will have to provide Google with access to detailed traffic information, since visibility into this data will allow the company to detect malicious traffic. According to Google, all of the obtained data, including logs from Project Shield servers, will be used only for DDoS mitigation and caching and to improve the protection service.
Sites not using a content delivery network (CDN) or a major hosting provider might not have the capacity to defend against DDoS attacks, and Google says that there are tens of thousands of news sites that now have access to Project Shield. The free service will allow even the smallest independent news organizations continue their work without the fear of being shut down.
“Finally, Project Shield is not just about protecting journalism. It’s about improving the health of the Internet by mitigating against a significant threat for publishers and people who want to publish content that some might find inconvenient. A free and open Internet depends on protecting the free flow of information—starting with the news,” Cohen said.
In November, encrypted email service ProtonMail was taken offline by a massive DDoS attack, which the company suspected was the doing of a state-sponsored actor. On Dec 31, 2015, BBC’s website was taken offline by anti-ISIS group called New World Hacking, which was testing a DDoS tool capable of launching 600 gigabit-per-second (Gbps) attacks.
According to Arbor Networks’ 11th Annual Worldwide Infrastructure Security Report (WISR), multi-vector DDoS attacks are on the rise, with over 50 percent of attacks targeting an organization’s infrastructure, applications and services simultaneously. The report also shows that DDoS attacks continue to grow in size, with the largest attack reported in 2015 being 500 Gbps.