Last week, the Internet was jolted by an unprecedented cybersecurity attack that affected many of the leading brands on the Internet. It is ironic that October is National Cybersecurity Awareness Month, and one of the largest attacks occurred at a time of heightened awareness.
What happened last week?
On Friday, October 21st, a Distributed Denial of Service (DDoS) attack was launched against a company called Dyn. While Dyn is probably not a household name to most people, they are an internet infrastructure company or ISP that manages much of the Internet traffic for leading companies such as Netflix, Amazon, Twitter, PayPal and Spotify. The DDoS attack on Dyn was a highly sophisticated attack that involved tens of millions of IP addresses and shut down access to their customers' websites for several hours.
A DDoS attack occurs when multiple systems flood a web server with an overwhelming amount of traffic. When a large amount of junk traffic hits a computer network, it can slow the server down or make it unavailable to regular users who are making legitimate requests. One simple way to think about a DDoS attack is as a group of people crowding the door to a building, keeping everyone else out and disrupting normal operations.
While DDoS attacks are not new, the Dyn situation demonstrates the increasing sophistication of their execution. For local government agencies that haven’t developed a cybersecurity strategy, here are three ways to get started:
- Be aware
- Be prepared
- Take preventative action
As Dyn mentioned on their website, “The number and type of attacks, the duration, the scale, and the complexity of these attacks are all on the rise.” The first line of defense is to be aware that cybersecurity threats are out there and to understand that they can happen to companies of all sizes and levels of sophistication.
Just a couple of months before this attack, the Department of Homeland Security encouraged agencies to watch for and report any cyber incidents they may experience, explaining, “The growing number of serious attacks on essential cyber networks is one of the most serious economic and national security threats our nation faces. An important way to protect yourself and others from cyber security incidents is to watch for them and report any that you find.”
“Living with risk is the new normal, and managing it is an essential part of achieving optimal performance in digital government,” explained William Eggers, the executive director of Deloitte’s Center for Government Insights, in a recent GovTech article on cybersecurity. Governments must create “strong capabilities for detection, response, reconnaissance, and recovery.”
In addition to being aware, it’s important to be prepared. Whether you manage all of your technology in-house or use a third-party provider, you should make sure that a DDoS mitigation service is in place as a first line of defense.
Many services and key applications provided to local governments and businesses are being converted to Software as a Service (SaaS), which means that access requires a connection to the Internet. If the Internet is not available or has been compromised, then your SaaS applications will also be unavailable.
You should do your homework on the companies who manage your SaaS applications. For example, you should make sure that your SaaS vendor has:
- Disaster recovery options to shift your website or key applications to another data center in the case of a natural or cybersecurity disaster
- DDoS mitigation services to act as the first line of defense against denial of service attacks
- Redundant systems and internet options to give you alternative ways to access the Internet
- Service level agreements in place to specify your level of uptime and who’s responsible in case of a cyberattack or data center outage
In addition, you should review all systems that are potentially vulnerable and create a contingency plan for what to do in case of an outage or large cybersecurity attack.
Take Preventative Action
There are also several preventative actions you can take at home or at your business. Some of the obvious actions that will not take much time but can greatly minimize your risk include:
- Ask your IT department or group to analyze the vulnerability of your key systems and develop or review your contingency plans
- Update the firmware for your routers that access the Internet – if the software for your router is out of date, you may not be protected against some of the newer threats
- Change all of your passwords to make sure you’re not using the default “admin” password – many people and organizations are still using the default admin password that comes with routers and other hardware devices. You should make it a policy to update all of the passwords for both hardware devices and software applications frequently.
- Turn off remote access to any Internet of Things (IoT) devices like cameras and printers – the DDoS attack against Dyn used millions of unprotected IoT devices to launch the attacks, which demonstrated how easy it was for a hacker to gain access to these devices.
With DDoS and other cybersecurity attacks growing in frequency and severity, it’s important for every local government agency to understand what security measures they have in place, assess the potential cybersecurity risks, and develop contingency plans to minimize the cybersecurity impacts.