Response to the NTIA Draft Report on DDoS and Botnet Attacks


Arabella Hallawell

On Dec. 1, 2016, the Commission on Enhancing National Cybersecurity introduced a set of goals for the new administration, and protecting the nation’s infrastructure and commerce against DDoS and Botnet attacks was high on the list. A Presidential Executive Order from May 2017 re-emphasized this priority, recognizing the importance of our connected world and its fragility in the face of the growing threat raised by the plethora of vulnerable, consumer-focused Internet-connected devices. Attackers from any spot around the globe can use vulnerabilities in these connected devices and across our digital infrastructures, and other vectors, to cause both digital havoc and increasingly catastrophic physical damage across our nation’s critical infrastructure.

The NTIA, on behalf of the DHS and Department of Commerce, issued a draft report in response to the Presidential Executive Order entitled, “Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats,” and requested comments from the industry on their conclusions:

  • Automated distributed attacks are a global problem;
  • While effective tools exist, they are not widely used;
  • Products should be secured during all stages of their life cycle;
  • Improved education and awareness are necessary;
  • Current market incentives are misaligned;
  • Automated distributed attacks are an ecosystem-wide challenge.

NETSCOUT Arbor supports the findings in the report:

  • Our ATLAS infrastructure (monitoring one-third of Internet traffic) saw an increasing number of DDoS attacks in 8 of the 10 most attacked countries in 2017. In the United States, NETSCOUT Arbor observed the number of DDoS attacks increase by 23.3 percent.
  • These attacks were more sophisticated than in years past with an increasing proportion of such attacks involving multiple attack vectors, particularly leveraging HTTPS and DNS.
  • Weaponization of the DDoS threat has accelerated, with tool kits readily available to those with little expertise, and many organizations were not able to withstand attacks against them. This has resulted in more outages and losses, with 57 percent of enterprise, government and education (EGE) organizations seeing their internet bandwidth saturated due to DDoS attacks, up from 42 percent in the previous year.
  • Many organizations may not be prepared to deal with the changing DDoS risk, or with the current best practices for protecting their organizations, including using application layer protection, internal network hygiene and comprehensive DDoS attack planning and testing.

The importance of managing the risk to our infrastructure from escalating DDoS and Botnet threats can run counter to common IT practices today. Risk management and mitigation strategies are often caught in an organizational “no man’s land” between network, application and security groups, resulting in less cohesive and more piecemeal approaches to managing the risks.

NETSCOUT Arbor has worked with the Coalition for Cybersecurity Policy & Law on the formulation of a DDoS and Botnet technology profile within the NIST Cybersecurity Framework, which lays out a comprehensive set of best practices for managing the risk from modern DDoS attacks. The Cybersecurity Framework is designed to allow individual organizations to determine their own unique risks, tolerances, threats and vulnerabilities, so that they may prioritize their resources to maximize effectiveness. To see the full profile, click here.