Internet DOS attacks spur exchange between government, private sector
- By William Jackson
- Feb 07, 2007
SAN FRANCISCO - Tuesday's denial-of-service attacks against three of the Internet's root DNS servers did not rise to the level of a major cyberincident, but they did highlight the government's efforts to coordinate responses with private-sector infrastructure providers.
'There was some minor degradation of service,' but no large impact, said Jerry Dixon, head of the Homeland Security Department's National Cyber Security Division.
Dixon was joined Wednesday by Chris Painter of the Justice Department and Mark Hall of the Defense Department, his fellow co-chairmen on the National Cyber Response Coordination Group, at the RSA IT security conference. NCRCG is the government's tool for organizing its response to the most serious cyberattacks, coordinating the efforts of federal departments and agencies with the private sector.
So far, 'we haven't had a real crisis where we've had to stand up,' Painter said.
On a scale of 1 to 10, this week's attacks on top-level Domain Name Service servers only rated about a 3, Dixon said. The NCRCG co-chairs met to discuss the incident and monitor its impact and progress, but hands-on response was coordinated by the US CERT.
The attacks lasted for several hours and directed up to 54Gbps of traffic at the .mil, .info and .bus DNS servers, said US CERT deputy director Michael Witt. The .mil server was the most heavily targeted, he said.
'The root level servers continued to do their jobs,' Witt said. His organization worked with the North American National Operations Group, an industry organization of backbone network operators, to minimize the impact of the attacks.
US CERT also worked with industry-level Information Sharing and Analysis Centers to gather information about the nature of the attacks.
Dixon said investigators are following leads to determine the source of the attacks.
US CERT is the executive agency of the NCRCG and handles the day-to-day operations of monitoring cyberactivity, coordinating actions with the private sector and responding to routine events. But during a genuine emergency, the NCRCG would stand up in a joint operations center housed at DHS to coordinate activities between departments and agencies and the private sector. This central node is necessary because each agency approaches cyberincidents from its own mission perspective.
'We can't step all over each other as we try to respond as systems go down,' Hall said.
'Despite pretty communications between government agencies, it wasn't really regularized,' Painter said. NCRCG regularizes those communications.
The group also extends its lines of communications with foreign nations and has established a 50-country investigative network that it can work with.
'When you go to some other countries they have the same communications issues' as U.S. agencies do, Painter said.
Hall said he is about to sign an information sharing agreement with NATO on behalf of DOD, as part of the department's watch center capability with foreign partners.
The importance of coordinating responses to cyberincidents is magnified by the shortage of expertise government can bring to bear on the problem, Painter said.
'The bench isn't really very deep in cyberstuff,' he said. 'We have a limited amount of expertise.'
The NCRCG took part in last year's Cyber Storm exercises, a kind of cyberspace wargame in which private companies participated with government agencies to respond to a mock cyberattack.
'We are in the planning stages of Cyber Storm 2, which will be held next year,' Dixon said.
William Jackson is a Maryland-based freelance writer.