DDoS attacks demonstrate need to reduce government internet access points

The network attacks that severely disrupted several US government websites this week highlight the need for the American government to quickly finish its consolidation of Internet access points, it was said today.

"TIC offers a capability to immediately block those offending IP addresses that are launching an attack," said Patricia Titus, former chief information security officer at the Transportation Security Administration (TSA), who now holds a similar job at Unisys.

But a lot will depend on how securely it is architected, Titus said. A major component of TIC is a federal network monitoring technology called Einstein that is designed to capture anomalous network activity and flag suspicious behaviour in near real-time.

If this component is not well implemented, the network access point consolidation could end up giving attackers a central point to go after federal systems, she said. But she added it is "very unlikely" that such an implementation error would be allowed to happen.

"The government has put out a very carefully thought out architecture. This is something they are definitely paying attention to."

Details on the consolidated access points will also not be made public, making them harder to find and therefore to attack, Evans said.

This week's attacks show how federal agencies remain vulnerable to network threats despite having relatively sophisticated, well-funded and well-staffed security operations, said Amit Yoran, former director of the National Cybersecurity Division at the US Department of Homeland Security (DHS).

"If this can happen to organizations such as the ones affected, it certainly can happen to people downstream as well," said Yoran, who is now CEO of security vendor NetWitness Corp.

The attacks show the need for organisations to centralize security policy and enable persistent monitoring of network ingress and egress points in the manner being contemplated by TIC, Yoran said.

"If you don't have consistent monitoring of access points then the risk accepted by one gateway or one component of your network is effectively shared by all participants in the enterprise," he said.
