The Changing Role of the ISP & How Net Neutrality Laws Impact Cyber Defense

Net neutrality is one of the internet’s guiding principles. The concept that Internet Service Providers (ISP) should direct all content and traffic from one destination to another, without passing judgment about the content, is widely recognized as the best means to preserve free speech online and encourage economic growth.

However, what happens when the content in question is dangerous, such as the malicious traffic involved in a DDoS attack? As cyber-attacks become increasingly sophisticated, many organizations are looking further upstream to their ISP to protect them against DDoS threats, and if ISPs do not respond appropriately, they risk eroding their customer base. So what exactly are ISPs supposed to do?

Net neutrality is increasingly contentious in the tech industry, particularly in light of recent European regulations affecting the telecoms industry and public consultations on the topic. Tim Berners-Lee and others argue that the principle of net neutrality should be defended in order to preserve the open internet and a level playing field for all who operate online. Many carriers and ISPs are averse to the idea, preferring to retain more control over their networks and to seek new ways of monetization by offering ‘fast lanes’ to content providers that pay for priority treatment for their content. But where does cyber defense fit into this? Does filtering malicious content, such as malware and botnet-related activity, violate the objectives of net neutrality? Most people would agree that this offers a competitive advantage for the ISP, but not at the expense of another legitimate entity, so it is surely in keeping with the principle. But what about DDoS? DDoS is sometimes used as a protest against an organization or ideological stance that appears online. Would removing this attack in some way be seen as a violation of the objective?

In a recent survey conducted by Corero, the majority of IT security professionals (53%) believe that ISPs are hiding behind net neutrality laws as a way to dodge their responsibilities when it comes to protecting their customers from DDoS attacks. Defending against these types of attacks is an important area of focus for service providers, given their bandwidth capacity and volume of customers – and the fact that they are uniquely positioned to eliminate bad traffic upstream from appropriate peering points, before it even reaches their customers’ networks, is beginning to create customer demand for them to do more.

In the same survey, the majority of respondents (59%) worry that their ISP does not provide enough protection against DDoS attacks, and almost a quarter (24%) would go as far as to blame their ISP in the event of a DDoS attack affecting their business. This has potentially serious consequences, because over a fifth of those surveyed (21%) said that they would leave their service provider if they did not offer adequate protection against DDoS attacks.

Customers have clearly come to expect their telcos to do something about the decaying mélange of internet traffic and increasingly sophisticated attack vectors. They expect to be able to pay for a ‘clean pipe’ of good traffic, where the threats have been proactively removed. So why are some ISPs reluctant to deliver this? The truth is that a significant number of telcos still rely on outdated technologies to protect their customers from DDoS attacks. These typically include diverting DDoS traffic through a scrubbing center – an expensive and notoriously slow technique which can take upwards of an hour from detection to mitigation – and ‘blackholing’ a victim’s traffic when they suffer a DDoS attack, which essentially does a hacker’s job for them, by denying service to a particular website. Trying to achieve a ‘clean pipe’ through these methods would be both prohibitively expensive and minimally effective because of difficulties integrating with distributed network architectures. 

However, the landscape has changed with the emergence of in-line, real-time mitigation solutions that have become both economically and technologically viable. Providers can now deploy their DDoS mitigation operations at peering or transit points, using technology that is scalable and responsive. These systems are automated, always-on and capable of responding to attacks as they happen – thus reducing headaches for providers everywhere. What’s more, it’s possible to design policies uniquely for customers and ensure that they get only good traffic flowing through their pipes. Providing such a service not only streamlines the operations of providers, giving them increased visibility and making their services more reliable, but it has the additional upside of protecting a customer’s reputation and, in turn, attracting more customers. So rather than hiding behind net neutrality, telcos have a valuable opportunity to modernize their services and generate new revenue streams in the process – or risk a steady decline of their customer base.
