This Cyber Threat Can Bring Government Business to a Halt

There’s a growing threat on the cyber frontier for federal agencies, one that has the ability to stop government business and shut down online work and applications. Malicious hackers launch thousands of Distributed Denial of Service (DDoS) attacks per day, and it's causing some agencies to fight back.

DDoS attacks can be one of the most disruptive cyber-attacks a federal agency faces, but it doesn’t have to lead to a crippling shutdown, says DuWayne Aikins, Senior Security Strategist at AT&T.

Agencies are building a stronger defense, mainly through a cloud-based Denial of Service platform, in order to mitigate the effects of a DDoS-style attack. This type of attack effectively clogs an agency’s Internet pipes, stopping the flow of online traffic.

When you look at the history of DDoS attacks, there wasn’t even a threat landscape a decade ago, Aikins says. Only recently have hackers started to use spam, viruses and other malware to crowd out useful traffic and create false traffic on an agency's network. Today, DDoS attacks can pose a daily threat for agencies.

“It’s a lot worse than it ever was before,” Aikins says. “This type of attack is not only increasing in number, it’s also increasing in volume.”

In 2015, DDoS attacks have increased in complexity and duration — the largest attack this year lasted for more than 13 hours, according to the State of the Internet report. And, a majority of these attacks, Aikins says, are volumetric attacks, which send a lot of data to an Internet Protocol address with the intent to cause harm to an agency’s network availability.

“Most medium and larger-sized agencies are completely dependent upon application-based or online workflows today,” Aikins says. “You’ve got to do your best to keep these pipes clean and thwart attacks.  Otherwise it’s going to impact your employees’ ability to do their jobs.”

With a DDoS mitigation service in place, like the one offered by AT&T, agencies can limit the instances of a network shutdown and stay focused on other cyber threats.

Ultimately, what hackers are trying to do is to distract IT staff with a DDoS style attack in order to launch a larger cyber-attack, says Terry Hect, Director and Chief Security Strategist for Government at AT&T.

“When we talk to agencies going through a DDoS attack, their technical staff is working hard to restore operations,” Hect says. “Meanwhile, they’re distracted from other attacks, particularly ones that are more advanced and aggressive.”

Most agencies are using a cloud-based DDoS mitigation service, along with procedures to assist in an emergency situation. Hect recommends that federal leaders make use of a cloud-based tool because it gives agencies greater flexibility and speed to respond to threats. With a premises-based DDoS solution, IT leaders must stay focused on consistently updating the network to defend against attacks.

“The federal government is the victim of choice here,” Hect says. “You need a mitigation service to have situational awareness of an attack. Either you have the mitigation service, people and process in place to combat this type of attack — or you don’t. Without a plan in place, you’re putting the critical work of government at risk.”

This content is made possible by our sponsor. The editorial staff of Nextgov was not involved in its preparation.