NATO Nations work to level the playing field in response to cyber attacks

By Dave Larson | September 10, 2014

Posted in: Network Security Trends

It has been interesting to see recent news of a NATO agreement indicating that member states would now come to each other’s aid in the event of digital attacks as well as military attacks. This newly signed deal reaffirms that cyber defense is now, more than ever, a critical component of a nation’s comprehensive defense strategy.

The agreement is an apparent step in the right direction for dealing with ever-escalating and crippling DDoS attacks, like the high-profile attack against NATO member-state Estonia. The biggest challenge will be the ability to produce more detailed information, beyond the nature of the attack, until NATO member-state service providers are required to implement the appropriate controls to mitigate large-scale DDoS attacks.

It’s important to note that large-scale DDoS attacks are not the exclusive domain of nation-states. In fact, virtually anyone with a motive can launch a 100 Gigabit-class attack at very little cost in dollars or resources, and with very little risk of being exposed as the attacker. One should not assume that only nation-states are at risk of attack at the same scale as the incident against Estonia. Large-scale DDoS should be top of mind, and a cause for concern, for anyone who depends on Internet availability to conduct business.

Governments alone are not the answer; the private sector has to take this threat seriously. Simple patching of vulnerable servers (NTP, DNS, etc.) would go a long way toward reducing the number of available DDoS agents that can be utilized in an attack, and thereby reduce the overall threat. It is almost criminal – maybe it should be criminal – to operate an unpatched server that is easily commandeered for use as a DDoS attacker simply because it is incapable of correctly handling IP address spoofing. Certainly, the Internet community could use shaming tactics to humiliate operators of such systems into adopting best practices that could limit the problem.

Technology exists today to mitigate these attacks. Cloud scrubbing centers are useful tools in the arsenal, but they must be augmented with in-line solutions that can respond to attacks in real time. Scrubbing centers are great for redirecting attack traffic to a remote location away from the intended victims, but response times for these solutions are on the order of an hour or more, making them ineffective against many attacks. Real-time, in-line detection and mitigation is the only way to defeat these attacks at inception.
