Combating Distributed Denial of Service Attacks

Clarifying industry incentives and identifying best practices to combat threats posed by DDoS attacks

Project active 2017 - 2021

This is an archived project. For more information on our ongoing efforts, please visit our Future of Digital Security pillar page. 

Expanding Public-Private Partnerships

Flaws in the internet itself, and the resultant threats posed by Distributed Denial of Service (DDoS) attacks, continue to pose a risk to industry, government, and society. With the advent of the "Internet of Things," the profusion of unsecured devices has given terabits per second of firepower to anyone with a grievance or a financial motive to carry out a DDoS attack. Hard-working and effective communities exist to combat these persistent online threats, and IST works to supplement those efforts by collaborating with an informal anti-DDoS coalition to reduce the threat posed by DDoS attacks. This work would not be possible without their support, willingness to engage, and collaborative culture.

Our effort was supported by a generous grant from the Hewlett Foundation, and originally dovetailed with a renewed U.S. government emphasis on combating botnets, directed by Executive Order 13800: Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

Over the course of 2017 and 2018, IST conducted an investigatory phase and supported those working at the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the National Telecommunications and Information Administration (NTIA) to respond to Executive Order 13800. Additionally, we collaborated with experts from industry, academia, and think tanks via a series of formal and informal workshops on these issues in September 2017, hosted by the Hoover Institution in Washington, D.C., with a follow-on formal workshop at the Hewlett Foundation in Menlo Park in November 2017. These workshops were supplemented by a number of additional coordination activities in early 2018 conducted under the Chatham House Rule.

The Combating DDoS initiative aims to not only clarify industry incentives and identify best practices, but also to establish a clear path for action. This set of problems is not new—but we have found that it demands earnestly pursuing novel solutions. At IST, we continue to support this global mission through various efforts in collaboration with partners and experts in industry and government:

Collaboration between government and industry professionals, while nothing new, is critical in order to anticipate emerging cyber threats and build global resilience to threats like Distributed Denial of Service (DDoS) attacks. Through our engagement with network security professionals, DDoS mitigation companies, Internet Service Providers, threat intelligence experts, and both serving and retired government officials, we realized that more, and deeper, relationships are needed across the spectrum of cyber-related challenges. Each group is often unaware of, and may not care about, the capabilities or responsibilities of those outside its stovepiped domain. Broader collaboration and insight would help with the problems each group is tasked with solving.

In 2019, Jonathan Reiber, former Chief Strategy Officer for Cyber Policy and speechwriter in the Office of the Secretary of Defense, researched steps that could be taken to address this need, summarized in his report, "A Public, Private War: How the U.S. Government and U.S. Technology Sector Can Build Trust and Better Prepare for Conflict in the Digital Age." That paper, co-published by the Center for Long-Term Cybersecurity (CLTC) at UC Berkeley and IST (then Technology for Global Security), outlines how the U.S. government and private-sector companies can collaborate more broadly to prepare for a high-end cyber contingency or other significant cyberattacks on U.S. interests. For example, Reiber recommends that companies develop a public affairs strategy for government cooperation on cyberdefense and that their terms of service be updated to describe their policies for cyber defense operations, including "when and how the company will remove individuals', companies', or nation-states' access to products." He also suggests that the U.S. federal government should invest more in initiatives such as the Enduring Security Framework (ESF), which is designed for public-private information sharing on cybersecurity.

Building on the inputs of our partners in industry and government, and taking cues from Jonathan's research, the Institute for Security and Technology turned to a tried-and-true mechanism to help build and promote more public and private cooperation, specifically Cybersecurity Table-Top Exercises (CTTXs).

The Institute for Security and Technology’s efforts in this space involve establishing a baseline of ongoing discussions and best practices for building relationships between industry and policy experts, with the goal of institutionalizing knowledge and tools needed for technical operators. We are also convening industry professionals, security officials, and diplomatic members at the international level to encourage engagement between nation states and companies.

Enhanced Cooperation on DDoS

Vast insider knowledge exists regarding both historical and real-time Distributed Denial of Service (DDoS) attacks. Creating more effective tools for automated peering of DDoS data and better coordination of mitigation efforts has the potential to significantly decrease the threat from ever-evolving DDoS attacks. To that end, IST plays a role in facilitating industry dialogue to identify obstacles and opportunities to move solutions forward. As with many of our activities, these aren't tools we've developed or even ideas we came up with, but we can help move ideas forward that would otherwise languish or get stuck. This effort remains a work in progress, inspired by actors in this space who manage these issues day in and day out.

This effort spins out from the broader Combating DDoS initiative, which supports ongoing efforts to overcome the technical and legal barriers to enhanced DDoS data peering. IST assists these projects in expanding corporation-to-corporation peering options, in order to explore how DDoS-related information sharing could be enhanced and how best practices and mitigation tools can be more broadly disseminated.

As most experts will tell you, many of the necessary DDoS technical mitigation tools already exist and are available to those who need them. However, because many actors lack the resources to deploy them, these tools have not reached the mass adoption that is needed, and that gap is a persistent problem that perpetuates the DDoS risk.

As our personal and professional lives, activities, and operations become increasingly dependent on internet connectivity, IST and our cooperating partners are working to develop concepts like these cooperative DDoS approaches, best practices, and tools that can be shared globally. We are fortunate to work with partners on how these tools can best be extended to smaller service providers around the globe that have less technical, financial, and human capital, with an eye towards making these solutions as user-friendly as possible.

As this project progresses, we are working to formalize and spread DDoS best practices to other, smaller ISPs that have less technical background or fewer resources to manage the tools in question, such as BGP FlowSpec (RFC 8955, formerly RFC 5575), which lets an operator distribute traffic-filtering and rate-limiting rules to its routers over an existing BGP session.
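To make concrete what a FlowSpec rule actually carries, the following is an added example for this page (it is not code from IST, from the anti-DDoS coalition, or from any router vendor). It encodes the RFC 8955 wire format for the kind of rule a small ISP would push during an NTP amplification attack: UDP from source port 123 toward one victim host, rate-limited rather than dropped. The victim address (203.0.113.10, documentation space), the AS number (64512, private range) and the 1 MB/s rate are constructed values; the function and constant names are this example's own.

```python
"""Encode a BGP FlowSpec rule in the RFC 8955 wire format.

Added illustration for this page; not code from IST or from any vendor.
The victim prefix (203.0.113.0/24, documentation space) and AS 64512
(private ASN) are constructed values."""
import ipaddress
import struct

# Component types, RFC 8955 section 4.2.2 (they must appear in ascending order)
DEST_PREFIX, SRC_PREFIX, IP_PROTO, DST_PORT, SRC_PORT = 1, 2, 3, 5, 6

# Numeric operator bits, RFC 8955 section 4.2.1.1
OP_END = 0x80  # e: this is the last {operator, value} pair in the list
OP_AND = 0x40  # a: AND this pair with the previous one (the default is OR)
OP_LT, OP_GT, OP_EQ = 0x04, 0x02, 0x01
# bits 2-3 of the operator hold the value length: 00=1, 01=2, 10=4, 11=8 octets


def _numeric_list(pairs):
    """Encode [(flags, value), ...]; the last pair gets the end-of-list bit."""
    out = bytearray()
    for i, (flags, value) in enumerate(pairs):
        for code, fmt, limit in ((0, ">B", 1 << 8), (1, ">H", 1 << 16),
                                 (2, ">I", 1 << 32), (3, ">Q", 1 << 64)):
            if value < limit:
                break
        else:
            raise ValueError("value does not fit in 8 octets")
        op = flags | (code << 4)
        if i == len(pairs) - 1:
            op |= OP_END
        out.append(op)
        out += struct.pack(fmt, value)
    return bytes(out)


def _prefix(ctype, cidr):
    """Type, prefix length in bits, then only the octets that length covers."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def flowspec_nlri(dest, src=None, proto=None, dst_port=None, src_port=None):
    """Build one FlowSpec NLRI: a length octet followed by the match components.

    A destination prefix is mandatory in this example: RFC 8955 section 6
    validates a rule learned from a neighbour against the unicast route for
    that prefix, and a rule without one would match every packet on the box.
    """
    body = bytearray(_prefix(DEST_PREFIX, dest))
    if src is not None:
        body += _prefix(SRC_PREFIX, src)
    if proto is not None:
        body += bytes([IP_PROTO]) + _numeric_list([(OP_EQ, proto)])
    if dst_port is not None:
        body += bytes([DST_PORT]) + _numeric_list([(OP_EQ, dst_port)])
    if src_port is not None:
        body += bytes([SRC_PORT]) + _numeric_list([(OP_EQ, src_port)])
    if len(body) < 0xF0:
        head = bytes([len(body)])                      # one-octet length
    else:
        head = struct.pack(">H", 0xF000 | len(body))   # 0xFnnn two-octet form
    return head + bytes(body)


def traffic_rate(asn, bytes_per_second):
    """traffic-rate extended community (type 0x80, subtype 0x06):
    2-octet AS followed by an IEEE single-precision float; 0 means discard."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, float(bytes_per_second))


if __name__ == "__main__":
    # NTP amplification aimed at one host: UDP from source port 123 toward the
    # victim, limited to 1 MB/s instead of dropped so real NTP replies survive.
    nlri = flowspec_nlri("203.0.113.10/32", proto=17, src_port=123)
    action = traffic_rate(64512, 1_000_000)
    print("NLRI  ", nlri.hex())
    print("action", action.hex())
```

The match side is the NLRI (prefixes, protocol, ports, each a type octet followed by its operator/value pairs) and the action side rides in an extended community; a rate of 0.0 is the "discard" action operators usually reach for first, but for reflected traffic a rate limit keeps the service's own replies flowing. The check worth keeping when handing such tooling to a smaller ISP is the one the `flowspec_nlri` function enforces: never announce a rule without a destination prefix, since a bare "protocol 17" rule will be applied to every UDP packet the router forwards.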

Network Infrastructure Hardware Security

Through our engagements with network operators across a variety of domains, we identified a consistent theme: in many cases, the security tools needed to dramatically reduce the threat posed by Distributed Denial of Service (DDoS) attacks already exist. However, to meaningfully improve resilience, these solutions need broader adoption. It's almost a cliché.

This project focuses on identifying gaps in the adoption and development of multidisciplinary security standards and practices for network infrastructure hardware. There are a number of complicated reasons behind the lack of adoption, including the ever-increasing specialization of effort across the industry that creates silos of knowledge and decreases the interaction between those involved in building network infrastructure hardware and those who are focused on security challenges like DDoS attacks.

To delve into potential solutions and refine the necessary questions, we convened a small workshop with network security professionals along with infrastructure hardware experts. The conversation focused on how to ensure that requisite security-related features are implemented in hardware, including application-specific integrated circuits (ASICs), from the ground up—so network infrastructure devices can incorporate effective detection, classification, and traceback capabilities.  

Coming out of the workshop, it was clear that the questions we were asking were much too broad. Our goal moving forward is to focus on current and projected requirements for network infrastructure security capabilities and scalability. Based on our conversations with the network engineers who proposed the idea, we believe that by adequately distributing the right technical information, the economics may line up: with education comes power.

We will continue future conversations with experts about what security standards currently exist, how they have been adopted, and what gaps exist. Furthermore, we seek to particularly address security issues stemming from edge computing.

DDoS Virtual Library & Machine Translation

In collaboration with our industry and government partners, the Institute for Security and Technology identified the need to distribute educational resources about Distributed Denial of Service (DDoS) attacks to the global community. We built a DDoS Virtual Library with an eye towards ease of use for other researchers, putting these resources in one central location so that interested parties can take advantage of the work that has informed us.

Some of the countries and organizations most vulnerable to DDoS attacks lack reliable sources of technical information and recommendations in their native languages because these resources are primarily written in English for an English-speaking audience. 

As such, we have developed approaches based on machine learning, machine translation, and natural language processing to rapidly and accurately translate these technical documents. The Institute for Security and Technology trained English-to-Mandarin, English-to-Spanish, and English-to-French machine translation models.