Over the past few weeks news feeds all over the world have been pulsating about the recent DARPA announcement. On August 14th, 2015 the U.S. Defense Advanced Research Projects Agency (DARPA) announced an initiative called Extreme DDoS Defense (XD3). Interestingly enough, DARPA is not the only U.S. government agency calling for research into solutions designed to solve the DDoS problem. DDoS attacks have been plaguing Service Providers, Hosting Providers, Government Agencies, and the Online Enterprises for years and now the U.S. Department of Homeland Security (DHS) is getting more involved in the fight against DDoS attacks.
On April 23rd, 2014 the Department of Homeland Security (DHS) issued the Cyber Security Division Broad Agency Announcement (BAA) HSHQDC-14-R-B0005. In the announcement there was a list of Anticipated Technical Topic Areas (TTAs) which included Next-Generation DDoS Defence.
On June 13th, 2014 DHS provided a Broad Agency Announcement Solicitation HSHQDC-14-R-B0017 Project: Distributed Denial of Service Defense (DDoSD). In the solicitation it states, “The Distributed Denial of Service Defense (DDoSD) Project aims to shift the advantage from the DDoS attacker to the defender who is providing a network service.
The DDoSD project includes three complementary Technical Topic Areas (TTAs):
- TTA #1, Measurement and Analysis to Promote Best Current Practices
- TTA #2, Tools for Communication and Collaboration
- TTA #3, Novel DDoS Attack Mitigation and Defense Techniques
TTA #1 aims to slow the growth rate in denial of service attacks and make current attacks more difficult by promoting the deployment of existing best practices (BCP-38). Recognizing that best practices alone are not sufficient, TTA #2 will develop tools and techniques that allow organizations to collaboratively respond to attacks. Finally, TTA #3 addresses new threats as denial of service attack concepts are being applied to non-traditional targets, such as emergency management systems and cyber physical systems.”
Research Dollars are Available!
On September 3rd, 2015 DHS awarded a $1.9 million contract to the University of Delaware to develop technology that will make it more difficult for attackers to launch Distributed Denial of Service (DDoS) attacks. The project is titled “Ensuring Energy and Power Safety in Data Centers”.
Also on September 4th, 2015 DHS awarded a contract to the University of Houston for $2.6 million to develop technology that will help protect emergency response systems (E911) against Distributed Denial of Service (DDoS) attacks. The project is titled “DDoS Resilient Emergency Dispatch Center”. The fact that $4.5 million in research grants were awarded to the two universities mentioned above only stands to bring credence to the issue - DDoS attacks are a growing problem and now government “defense” agencies are getting involved.
Why DARPA and DHS?
Almost every American over the age of 30 can remember the TV advertisements from a company called AOL (America Online) or remember the sound of AOL’s application telling someone, “You’ve got Mail!” Most citizens in the U.S. at some point were customers of AOL or knew someone that was. The whole point of AOL’s business model was just that – to get as many Americans online as possible. As the years have gone by, nearly the entire world’s population has grown dependent on the availability of the Internet.
DARPA and DHS understand that the foundation of the Internet is completely based upon availability or in today’s terms “uptime”. The exponential growth of DDoS attacks are accurately threatening the foundation of the Internet and what it means to society as a whole. Attackers are fully capable of taking anything offline regardless of where their victims reside. Corporate, government, higher-ed, healthcare, insurance, finance, manufacturing, oil & gas, you name it - all understand they are vulnerable to DDoS attacks. Carriers, Service Providers, ISPs, and Hosting Providers know what DDoS attacks mean to their operations as well and all of them are searching for new options and solutions. In only makes sense to observe DARPA and DHS doing the same.