Could greater collective action more effectively reduce the threats posed by DDoS - and distributed threats more broadly?
The flaws in the internet itself and the resultant threats posed by distributed denial of service (DDoS) attacks continue to pose a risk to both industry and government, and with the advent of the "Internet of Things", the profusion of unsecured devices has given terabytes of firepower to just about anyone with a grievance or looking to make a dollar via DDoS attacks. Hard-working and effective communities exist to combat these threats, and to supplement those efforts, Tech4GS works with an informal anti-DDoS coalition on potentially additional tool against these growing online threats.
Our effort has been underpinned by a generous grant from the Hewlett Foundation, and dovetails with the U.S. government's emphasis on combating botnets - directed by Executive Order 13800: Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
We conducted our investigatory phase over the course of 2017-2018, while also supporting those working at DHS, NIST, and NTIA to respond to the EO, as well as with an array of industry, academic, and think tanks. We kicked off a series of formal and informal workshops on these issues in September 2017, hosted by the Hoover Institution DC, with a follow-on formal workshop at the Hewlett Foundation in Menlo Park in November 2017, buttressed by a number of additional coordination activities in early 2018 conducted also under Chatham House rules.
Our intent from the outset was to not only help identify industry best practices and clear incentives for industry, but to help actually delineate a clear path for action over the coming months and years. This isn't a new problem set - but we did find that it demands novel solutions that many who have been working on this problem set for decades feel could be more earnestly pursued.
As noted, our process worked in parallel while the USG finalized their report - released on May 30, 2018. Going forward we will work closely with those in industry and in government around the world who are already doing an immense amount everyday to combat these threats, while also working to support the development and implementation of a roadmap with the USG.
Cybersecurity Tabletop Exercises (CTTXs)
At Technology for Global Security (T4GS), we do not accept the argument that there is a divide between technology companies and Washington D.C. Quite simply, there are differing cultures across all domains — we embrace that fact and thrive on it. More importantly, we accept that technology is moving faster than policy can keep up — which requires earnest, trustworthy venues for the honest exchange of ideas and tools.
As part of our suite of solutions to these challenges, T4GS conducts public-private cybersecurity tabletop exercises (CTTXs) to examine current trends and potential future crises. These games force players to actively imagine what is possible, question their assumptions, and collaborate with others outside their comfort zones. We aren’t the only ones who do this — but our approach is a reinvigorated approach to solving 21st century challenges through a time-tested and proven method. These simulations require participants to respond to complex national-level contingencies driven by cyber attacks, but also to consider their actions and solutions in light of much broader consequences that demand public-private collaboration. This means vertical integration between network operators implementing ground-level technical solutions and government officials responsible for higher-level public protection, geopolitical responses, and policy decisions. At the same time, players must reach out horizontally across sectors to coordinate their response, share information, and utilize all available tools — even devise new ones. Perhaps most importantly, the exercises build the trusted personal relationships and deepened understanding across sectors that are necessary to be prepared at all levels to face the inevitable crises of the future. Read more