Cybersecurity and Infrastructure Security Agency (CISA) published a new series of guidelines to help federal agencies defend against distributed DDoS attacks.
The A guide to increasing capacity was published in cooperation with the Federal Bureau of Investigation (FBI) and the Interstate Information Sharing and Analysis Center (MS-ISAC). It provides organizations with proactive steps to reduce the likelihood and impact of DDoS attacks.
“The guidance is intended for both network defenders and managers to help them understand and respond to DDoS attacks, which can cost organizations time, money and damage reputation,” CISA wrote Friday in a press release accompanying the report .
Together with the management of the agency released a a separate document which provides Federal Civil Enforcement Agencies (FCEBs) with additional DDoS guidance, including FCEB-recommended contract vehicles and services that provide DDoS protection and mitigation.
The documents collectively provide various guidance to federal agencies before, during, and after a DDoS attack.
Recommendations before a DDoS attacks include identifying critical assets and services, understanding how users connect to networks, and registering with a DDoS protection service. They also include understanding service providers and specialized network defenses, and developing an organization’s business DDoS response and continuity plan, among other things.
For agencies under DDoS attack, CISA said they should first confirm signs of such an incident, including network latency and high CPU and memory usage.
After a DDoS attack, agencies should continue to monitor other network assets, update their DDoS response plans to improve response to future DDoS attacks, and proactively monitor networks to quickly detect future DDoS attacks.
The original A guide to increasing capacity available at this link for more information on each of these recommendations.
Its publication comes weeks after the pro-Russian hacking group KillNet claimed responsibility a series of DDoS attacks vs. 14 US airports.