Cybersecurity

DDOS attacks raise questions from lawmakers

Shutterstock image: breached lock.

In the wake of last week's distributed denial-of-service attack that crippled high-profile websites by attacking underlying infrastructure, several lawmakers have called on the government to improve cybersecurity protections and consider new rules for potentially risky web traffic.

Sen. Mark Warner (D-Va.), co-founder of the Senate Cybersecurity Caucus, is seeking answers from the Federal Communications Commission, the Federal Trade Commission and the Department of Homeland Security on the resources available and needed to keep cyber malefactors from breaching consumer products.

In an Oct. 25 letter to FCC Chairman Tom Wheeler, Warner asked what network management practices could be adopted by internet service providers to repel traffic that might emanate from botnets and whether it is possible to assess the risks associated with the devices that make up the internet of things, apprise consumers of those risks and encourage users to download operating system and firmware updates when they are available.

"The weak security of many of the new connected consumer devices provides an attractive target for attackers, leveraging the bandwidth and processing power of millions of devices, many of them with few privacy or security measures, to swamp internet sites and servers with an overwhelming volume of traffic," Warner wrote.

Homeland Security Secretary Jeh Johnson said the attack on internet infrastructure provider Dyn has been mitigated. In a statement, he added that the attack was potentially caused by the Mirai botnet, a massive network of hijacked IoT devices that directed waves of traffic to Dyn systems and took them off-line.

Johnson also said DHS plans to publish a set of strategic principles for IoT security in the coming weeks.

In an Oct. 25 speech before the Council on Foreign Relations in New York City, Director of National Intelligence James Clapper attributed the attack to a non-state actor but did not say which hacker group might be responsible.

Separately but also in response to the attack, two members of the Senate Select Committee on Intelligence have asked President Barack Obama to work with Congress to bolster the government's ability to identify and quickly react to weaknesses in cyber networks.

Sens. Angus King (I-Maine) and Martin Heinrich (D-N.M.) sent a letter to Obama on Oct. 24 requesting his involvement in developing standardized, governmentwide policies for detecting vulnerabilities and enlisting the private sector's help in fixing them.

"The recent intrusions into United States networks and the controversy surrounding the Federal Bureau of Investigation's efforts to access the iPhone used in the San Bernardino attacks have underscored for us the need to establish more robust and accountable policies regarding security vulnerabilities," King and Heinrich wrote.

The senators cited the expansion of bug bounty programs -- which the private sector and recently the Pentagon have used to reward hackers who report security vulnerabilities -- as a cost-effective way to discover and patch potential network trouble spots.

The senators also called for new legislation governing the Vulnerabilities Equities Process that would require agencies to report serious security vulnerabilities to technology manufacturers and for broader use of the authorities afforded under the Cybersecurity Information Sharing Act of 2015.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.