Why ISPs don’t throttle DDoS traffic

Why ISPs don’t throttle DDoS traffic

One of the reasons distributed denial-of-service attacks like the one that recently hit internet infrastructure company Dyn are so effective is because internet service providers can’t legally block traffic overloads, experts say.

Robert Mayer, vice president of industry and state affairs at the U.S. Telecom Association, said telecommunications carriers were ready to engage with the Department of Homeland Security about possibly blocking suspect traffic. However, such defensive measures could pose a legal problem because ISPs don't have liability protections and are obligated by law to continue service, he explained during a Nov. 8 panel discussion at the National Cybersecurity Institute.

If the carriers had gotten involved, their lawyers would have had to ensure that they did not violate laws that require them to keep their communications lines open, Mayer added. Mary Ellen Seale, founder and CEO of the National Cybersecurity Society, agreed, saying that taking defensive measures "would have blocked routers that [carriers] are required to keep open."

That is one of the complex details that must be addressed as the private sector and the government share more and more information, according to the panelists.

Their remarks echoed those of Commerce Secretary Penny Pritzker. In a speech in September, she called for a strengthened legal framework to protect companies when they share information about cyber risks.

"Yet even as companies and agencies begin speaking the same language of cyber risk, we are not yet having truly candid, actionable conversations because we lack the legal support structure necessary for doing so," Pritzker said in her speech.

Some liability protections are covered under the Cybersecurity Information Sharing Act, which passed as part of the 2016 omnibus spending bill, but she argued that when companies are under cyberattack, they do not immediately turn to the government for help.

Companies don't wait for the government to respond to attacks, said Vern Mosley, senior cybersecurity engineer at the Federal Communications Commission. The collaboration that was demonstrated during the attack on Dyn is one of the most dynamic protections against cyberattacks that the country has. He added that the response to the Dyn attack gave him great confidence in the ability of the private sector to neutralize threats.

A longer version of this article first appeared on FCW, a sister site to GCN.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

inside gcn

  • digital model of city (Shutterstock.com)

    Why you need a digital twin

Reader Comments

Tue, Dec 13, 2016 Job Netherlands

I think there should be a global baseline policy (law) that requires ISP´s to take responsability for everything going through their hardware to prevent a diffuse policypatchwork and ridding liability behind licenceagreements, jargon that the average consumer does not master, claims that not everything is controllable, and noshows at meetings, independent thinktanks should inform the governments, globally, of how to pass down the insurance and maintainance of safe connections for all consumers, and I doubt the claim that it would be technically impossible. Like antivirus-companies should all have a shared virusdefinition structure and unified consensus that is independent from the extra services like VPN (invisibility ?) and IPS´s should themselves do well to commercially collide with protection software because they are responsible in the first place. It is the consumer paying extra for security on top of the costs of their connections. If it is not global approach it will not likely improve as many countries depend in that sense on a small group of experts worldwide that can develop such an umbrella structure.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group