Donate
The DDoS Attack Against Liberia – we must take collective action for the future of the Open Internet Thumbnail
‹ Back
Improving Technical Security 4 November 2016

The DDoS Attack Against Liberia – we must take collective action for the future of the Open Internet

Olaf Kolkman
By Olaf KolkmanChief Internet Technology Officer

If it was not clear yet: the Internet Society condemns those that perform large-scale distributed denial-of-service (DDoS) attacks on Internet infrastructure and services.

These attacks are a threat to all the opportunities that the Internet brings.

Bumping a small nation off the Internet map worries everybody, including those that are most friendly to the open nature of the Internet. These sort of actions will cause reactionary measures that lead to fragmentation, decrease the ability for permissionless innovation, and give rise to calls for measures that prevent any anonymous or privacy-protecting behaviour on the Internet.  If bumping a nation from the Internet doesn’t worry enough Internet-friendly people in positions of power then another DDoS attacks with societal impact will.

I am going to be hopelessly naïve and call upon those that are involved with these botnets: stop spoiling your own nest.

On a less emotional note. “The Internet only just works” was the title of a 2006 paper by Mark Handley. His main argument was that the Internet collectively addresses issues when they get urgent. In the past two years, the dynamics of DDoS attacks seems to have changed in scale and magnitude. Individuals, organisations, companies, and even countries are impacted.  That should make it clear that there is urgency in addressing the root causes of this problem. The outline of the agenda for that l laid out in my previous blogpost:

  • Producers follow, and share, good design practices;
  • For every product sold there is a way that security researchers can responsibly disclose vulnerabilities found;
  • Producers can fix, or patch, these vulnerabilities during the lifetime of the device (Field Upgradability);
  • We clearly understand what happens if the product, or the supporting producers, reach end-of-life (Device Obsolescence);
  • Consumers can make informed choices based on these properties (Cost vs. Security trade-offs);
  • Data that IoT devices collect are protected and dealt with in privacy-honoring ways (Data Confidentiality and Access Control); and
  • Those who go about device security in an irresponsible way get penalised.

The global division in the level of interconnection and human capacity and experience is sadly exposed. I know that the Internet technical community is doing everything in its power to limit the effects of the DDoS attacks, but unfortunately, a western company like Dyn is in a much better position to cope with the effects of a DDoS than the Liberians. That suggests an agenda of capacity building. Capacity building in technical operation and security management around all the world has always been one of our priorities. We have been convening efforts to mobilise the community such as MANRSanti-spoofing work and DNS security.  We, the Internet Society, together with numerous partners, will continue developing and strengthening capacities for coping with this sort of problems, with a special focus on developing countries.

The apparent and sudden rise in scale and frequency of DDoS attacks makes this a very urgent problem, one of those that Handley told us will get fixed. But to get there collective action is needed, across the industry, the public sector, by law enforcement, and consumers, by all stakeholders.

All to protect the Open Internet, an Internet of opportunities.


Image credit: Google Maps

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Trust isn't easy: Drawing an agenda from Friday's DDoS Attack and the Internet of Things
Trust isn't easy: Drawing an agenda from Friday's DDoS Attack and the Internet of Things
Improving Technical Security24 October 2016

Trust isn’t easy: Drawing an agenda from Friday’s DDoS Attack and the Internet of Things

Last week, millions of infected devices directed Internet traffic to DNS service provider Dyn, resulting in a Distributed Denial of...

WSIS+10 And The Challenge Of Securing The Internet
WSIS+10 And The Challenge Of Securing The Internet
Improving Technical Security8 December 2015

WSIS+10 And The Challenge Of Securing The Internet

In just one week, representatives of governments from all around the world will gather at the UN headquarters in New...

Internet of Things Devices as a DDoS Vector
Internet of Things Devices as a DDoS Vector
Internet of Things (IoT)11 April 2019

Internet of Things Devices as a DDoS Vector

As adoption of Internet of Things devices increases, so does the number of insecure IoT devices on the network. These...

Join the conversation with Internet Society members around the world