CISA, FBI, MS-ISAC Publish Guidelines For Federal Agencies on DDoS Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new series of guidelines to help federal agencies defend against distributed denial-of-service (DDoS) attacks.

The Capacity Enhancement Guide has been published in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It provides organizations with proactive steps to reduce the likelihood and impact of DDoS attacks.

“The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage,” CISA wrote Friday in a press release accompanying the report.

Alongside the guide, the Agency has released a separate document that provides federal civilian executive branch (FCEB) agencies additional DDoS guidance, including recommended FCEB contract vehicles and services that provide DDoS protection and mitigations.

The documents jointly provide various guidelines for federal agencies to follow before, during and after a DDoS attack.

The recommendations before a DDoS attack include identifying critical assets and services, understanding how users connect to networks and enrolling in a DDoS protection service. They also include the understanding of service providers and dedicated edge network defenses, and the development of an organization's DDoS business response and continuity plan, among others.

As for agencies experiencing a DDoS attack, CISA has said they should first confirm the indicators of such an incident, including network latency and high processor and memory utilization.

After a DDoS attack, agencies should continue to monitor other network assets, update their DDoS response plan to improve response to future DDoS attacks and proactively monitor networks to quickly identify DDoS attacks in the future.

The original Capacity Enhancement Guide is available at this link for more information about each of these recommendations.

Its publication comes weeks after the pro-Russian hacking group KillNet claimed responsibility for a series of DDoS attacks against 14 US airports.

What’s Hot on Infosecurity Magazine?