Cybersecurity

DDOS attacks raise questions from lawmakers

Shutterstock image: breached lock.

In the wake of last week's distributed denial-of-service attack that crippled high-profile websites by attacking underlying infrastructure, several lawmakers have called on the government to improve cybersecurity protections and consider new rules for potentially risky web traffic.

Sen. Mark Warner (D-Va.), co-founder of the Senate Cybersecurity Caucus, is seeking answers from the Federal Communications Commission, the Federal Trade Commission and the Department of Homeland Security on the resources available and needed to keep cyber malefactors from breaching consumer products.

In an Oct. 25 letter to FCC Chairman Tom Wheeler, Warner asked what network management practices could be adopted by internet service providers to repel traffic that might emanate from botnets and whether it is possible to assess the risks associated with the devices that make up the internet of things, apprise consumers of those risks and encourage users to download operating system and firmware updates when they are available.

"The weak security of many of the new connected consumer devices provides an attractive target for attackers, leveraging the bandwidth and processing power of millions of devices, many of them with few privacy or security measures, to swamp internet sites and servers with an overwhelming volume of traffic," Warner wrote.

Homeland Security Secretary Jeh Johnson said the attack on internet infrastructure provider Dyn has been mitigated. In a statement, he added that the attack was potentially caused by the Mirai botnet, a massive network of hijacked IoT devices that directed waves of traffic to Dyn systems and took them off-line.

Johnson also said DHS plans to publish a set of strategic principles for IoT security in the coming weeks.

In an Oct. 25 speech before the Council on Foreign Relations in New York City, Director of National Intelligence James Clapper attributed the attack to a non-state actor but did not say which hacker group might be responsible.

Separately but also in response to the attack, two members of the Senate Select Committee on Intelligence have asked President Barack Obama to work with Congress to bolster the government's ability to identify and quickly react to weaknesses in cyber networks.

Sens. Angus King (I-Maine) and Martin Heinrich (D-N.M.) sent a letter to Obama on Oct. 24 requesting his involvement in developing standardized, governmentwide policies for detecting vulnerabilities and enlisting the private sector's help in fixing them.

"The recent intrusions into United States networks and the controversy surrounding the Federal Bureau of Investigation's efforts to access the iPhone used in the San Bernardino attacks have underscored for us the need to establish more robust and accountable policies regarding security vulnerabilities," King and Heinrich wrote.

The senators cited the expansion of bug bounty programs -- which the private sector and recently the Pentagon have used to reward hackers who report security vulnerabilities -- as a cost-effective way to discover and patch potential network trouble spots.

The senators also called for new legislation governing the Vulnerabilities Equities Process that would require agencies to report serious security vulnerabilities to technology manufacturers and for broader use of the authorities afforded under the Cybersecurity Information Sharing Act of 2015.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.