CISA Releases Guidance on Adopting DDoS Mitigations

The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations.

DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible.

Meant to help federal agencies prevent “large-scale volumetric attacks against web services”, CISA’s new guidance (PDF) shares details on prioritizing DDoS mitigations depending on mission and reputational impact, and describes various DDoS mitigation services to help agencies make informed procurement decisions.

The guide, however, only focuses on DDoS attacks targeting websites and related web services, which are meant to deny user access to them.

According to CISA, before deciding which type of DDoS mitigation to adopt, federal agencies should make an inventory of agency-owned or -operated web services, and then analyze the impact a DDoS attack would have against those services.

For that, CISA proposes five categories of impact and encourages federal agencies to assign a score in each of them: impact on public transactions, impact on public access to information, impact on government and industry partnerships, impact on the agency’s day-to-day activities, and reputational impact.

Next, each agency should assess the importance, or weight, of each impact category, based on mission and risk tolerance.

Advertisement. Scroll to continue reading.

“Agencies that depend on public perception for the successful execution of their mission may choose to give more weight to scores in the reputational impact category, whereas agencies that are reliant on partnership with scientific or academic organizations may choose to weight the government and industry partnerships category more heavily,” CISA explains.

After calculating the impact score for each of their web services, federal agencies should create a ranked list of DDoS attacks and, based on that, prioritize the implementation of specific DDoS mitigations.

When considering the adoption of mitigations against DDoS attacks, federal agencies should look at content delivery networks (CDNs), internet service providers (ISPs) and upstream providers, and cloud service provider hosted services.

“CDN mitigations provide the highest degree of protections. Both ISP and CSP are sufficient if service providers can provide the proper compute and bandwidth resources. On-premises solutions are highly unlikely to provide sufficient compute and bandwidth due to its inability to scale; CDN solutions are highly advised,” CISA notes.

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation

Related: CISA Releases Cyber Defense Plan to Reduce RMM Software Risks

Related: CISA Unveils Cybersecurity Strategic Plan for Next 3 Years