Updated on 2022-10-31
CISA, the FBI, and the MS-ISAC issued the "Understanding and Responding to DDoS Attacks" guidance to help network defenders and leaders respond to DDoS attacks. Read more: Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
Updated on 2022-10-30: US DDoS guidance
CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have published a joint advisory on dealing with and reducing the impact of distributed denial-of-service (DDoS) attacks.
Overview: CISA, FBI, and MS-ISAC Jointly Release DDoS Guidance
The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Multi-state Information Sharing and Analysis Center (MS-ISAC) have jointly published guidance “to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.” The guidance is intended both for network defenders and for organizational leaders. At the same time, CISA has published a document with additional DDoS guidance for federal civilian executive branch agencies.
- These publications are both good high-level guides, but it is pretty rare to see a DDoS attack impact an organization that says, “I had no idea that could happen.” More common is “They wouldn’t believe that *would happen to us.*” The main guide has a good suggestion about using tabletop exercises to gain support for spending on needed mitigation measures.
- The guidance starts with the basics: Know what you have, verify protections are in place (e.g., WAF in blocking mode), understand what protections your ISP and other service providers have today, then work to close the gap. Don’t overlook any CDN services. Yes, we’re back to defense in depth, albeit CISA recommends enrolling in a single source for DDoS protections, versus multiple, which makes management and issue resolution simpler.