With Distributed Denial of Service (DDos) attacks getting bigger and more disruptive, the Defense Department wants new ideas for defending its networks.
No one wants to be the target—or the victim—of a Denial of Service attack. Although the attacks don’t do permanent damage to systems, for a company, they can disrupt business and cost money. For the Defense Department, the stakes are higher. DDoS attacks can disrupt critical command and control networks, interfere with situational awareness, jeopardize missions, and put lives at risk.
DDoS attacks are on the rise and they leverage more bandwidth against targets, so the Defense Advanced Research Projects Agency is looking for the next generation of network security. It is soliciting innovative ideas [https://www.fbo.gov/index?s=opportunity&mode=form&tab=core&id=90adebdc1ca6076cd48b62bee1e20332&_cview=1] that “enable revolutionary advances” in defense against DDoS attacks. The Extreme DDoS Defense (XD3) program will fund development of the best ideas and is expected to award multiple procurement contracts or cooperative agreements over the next three years.
Current defensive techniques just don’t cut it against modern DDoS attacks, DARPA says. Network-based filtering, traffic diversion and replication of data are too slow in military environments that require high levels of reliability, blocking attack traffic can also disrupt legitimate traffic, and encrypted tunnels complicate detection and response.
“A clear need therefore exists for fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches,” DARPA said.
One of the areas DARPA wants to see addressed in XD3 is cloud computing. DoD takes advantage of the cloud to provide global access to critical resources, but the cloud can provide rich targets for DDoS attacks. So, DARPA is soliciting proposals for “Manageable Dispersion of Cyber Resources.” This essentially is scattering resources so they do not present a single, easily compromised target. The challenge in this approach is the impact on performance when time is critical, especially in situations with highly variable bandwidth. The goal of this task according to the solicitation, “is to devise and demonstrate new architectures that physically and logically disperse these capabilities while retaining (or even exceeding) the performance of traditional centralized approaches.”
dinCloud already has rolled out a cloud Domain Name System (DNS) service in response to the growing number of DDoS attacks. The service, dinDNS, lets customers bundle domains so that they can rapidly move resources to keep them available during an attack, making them virtually impervious to DDoS. The dinCloud Anycast network is spread across more than 20 data centers around the world and users can choose where each of their services is hosted. The network works with the ThreatSTOP IP Reputation response system to counter DDoS traffic from botnets, keeping distributed resources continuously available. dinDNS is one more way dinCloud differentiates itself in providing a higher level of security for government and private sector customers.
DARPA’s XD3 program will be funded in two 18-month phases beginning in April 2016. Proposals are due by Oct. 13. You can obtain more information about the program by e-mailing XD3@darpa.mil.
William Jackson is a freelance writer with the Tech Writers Bureau and author of The Cybereye. Follow him on Twitter @TheCybereye.