From: InformationWeek/Security

A threat information-sharing bill wouldn’t do much to help banks defend themselves against distributed denial of services (DDoS) attacks.

Mathew J. Schwartz

The co-author of the Cyber Intelligence Sharing and Protection Act (CISPA) ought to know better.

Rep. Mike Rogers (R-Mich.), who is also chairman of the House Intelligence Committee, told NBC News on Wednesday that the Operation Ababil bank disruption campaign run by al-Qassam Cyber Fighters could be stopped, if only private businesses had unfettered access to top-flight U.S. government threat intelligence. Currently the federal government is “trying to share cyber threat information with these banks to help them get ahead of these attacks,” Rogers said. “Unfortunately, a series of policy and legal barriers is impeding that cooperation, as well as slowing down cooperation within the private sector and making it less effective.”

The problem with that reasoning is that the bank disruptions — often publicized in advance by attackers — overwhelm targeted networks through sheer quantities of packets. They don’t employ attacks of a stealthy or unknown nature that banks might have difficulty spotting if only they had access to better attack data.

Said Rico Valdez, a senior threat researcher at Bit9: “Threat intelligence … for more targeted attacks — where adversaries are trying to penetrate your systems, get in, steal data, intelligence — can be very, very useful. But in the world of DDoS attacks, there’s just not a ton that can be done there.”

Valdez continued: “Some intelligence can help you — it’s good to know the attack techniques being used, that might help you put in place better mitigation technologies. But most of the [DDoS] attacks these days are sheer packets-per-second attacks, designed to overwhelm your infrastructure so that you can’t service any requests. In that type of scenario, with threat intelligence, it’s … not going to effectively help your mitigations.”

A spokeswoman for Rep. Rogers, contacted by phone and email, didn’t immediately respond to our requests for comment. But in Rogers’ comments to NBC, the Congressman also suggested that banks simply can’t blunt the full fury of a nation state’s DDoS disruption campaign. “These banks are among the best in the country when it comes to cyber security, but even they are having trouble keeping up with attacks that have the sophistication and the level of resources that a nation-state entity like Iran can devote to them,” he said.

In fact, multiple security experts I’ve spoken with contend that banks are combating the DDoS attacks quite well via layered defenses, DDoS scrubbing services from third-party providers, and dedicated DDoS mitigation defenses running on premises or in the cloud. In some cases, banks can also use content delivery networks that spread instances of their sites across different geographical regions, helping minimize the effects of a DDoS-generated disruption in any one of those areas.

Read Complete Article