Cyber Terrorism – A Clear and Present Danger

Distributed Denial of Service is top of mind when CISOs are asked about cyber terrorism. In mustering a defense, organizations need to understand the motivations and have a higher level of intelligence about what is occurring.

The government and other organizations are interested in combating DDoS attacks and other forms of cyber terrorism. These organizations are putting forth proposals both on how to get the intelligence information and how to get the intelligence to the organizations fighting cyber terrorism on the front lines. This information, however, is slow in coming.

Failing timely and relevant intelligence, organizations are looking to collaboration with ISPs as a way to prevent denial of service. There is, however, a disconnect internally within ISPs in that while it’s evident that the ISP technicians want to do the right thing and block the bad traffic, business management want to charge for the service. The issue of whether they are providing “water” or “clean water” will likely be an on-going discussion.

Law enforcement is becoming more interested in DDoS. Because they now have a better understanding of what DDoS is and what is happening, they are getting to a point where they are more giving of information; however, progress still remains slow.

Best practices for combating DDoS include:

• Collaborate across and within industries
• Stay current on what is happening in the world
• Work with the groups that are collecting intelligence
• Develop forensics and response capability within your team
• Stay connected to association groups (FS-ISAC, law enforcement feeds)