Combating Distributed Denial of Service Attacks

Could greater collective action more effectively reduce the threats posed by DDoS⁠ attacks—and distributed threats more broadly?

Flaws in the internet itself and the resultant threats posed by Distributed Denial of Service (DDoS) attacks continue to pose a risk to industry, government – and society. With the advent of the “Internet of Things,” the profusion of unsecured devices has given terabytes of firepower to anyone with a grievance or a financial motive to carry out a DDoS attack. Hard-working and effective communities exist to combat these persistent online threats, and IST works to supplement those efforts by collaborating with an informal anti-DDoS coalition to reduce the threat posed by DDoS attacks. This work would not be possible without their support, willingness to engage, and collaborative culture.

Our effort has been supported by a generous grant from the Hewlett Foundation, and originally dovetailed with a renewed U.S. government emphasis on combating botnets⁠—directed by Executive Order 13800: Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That work remains ongoing as well.

Over the course of 2017 – 2018, IST conducted an investigatory phase and supported those working at the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the National Telecommunications and Information Administration (NTIA) to respond to that Executive Order. Additionally, we collaborated with experts from industry, academia, and think tanks via a series of formal and informal workshops on these issues in September 2017, hosted by the Hoover Institution in Washington, D.C., with a follow-on formal workshop at the Hewlett Foundation in Menlo Park in November 2017. These workshops were supplemented by a number of additional coordination activities in early 2018 conducted under Chatham House rules. 

The Combating DDoS initiative aims to not only clarify industry incentives and identify best practices, but also to establish a clear path for action. This set of problems is not new—but we have found that it demands earnestly pursuing novel solutions. At IST, we continue to support this global mission through various efforts in collaboration with partners and experts in industry and government:

If you want to get involved, please email us at ddos@securityandtechnology.org and place Combating Distributed Denial of Service Attacks in the Subject line.