Organizations will be able to alert one another about incoming distributed denial of service attacks through one network “sooner rather than later,” according to Erin Chapman, program manager at Galois.
Galois, a small company of about 50 people based in Portland, Ore., is working with the Department of Homeland Security Science and Technology Directorate to create a tool that will help partners stop DDoS attacks from spreading.
“We want to use a community of collaborative partners to mitigate problems with DDoS attacks,” said Adam Wick, research lead at Galois.
DDoS attacks occur when a computer is flooded with so much information that it cannot respond. Last October, the domain name management company Dyn suffered a DDoS attack that crippled major websites including Netflix, Twitter, and Visa.
Galois’ tool, called DDoS Defense for a Community of Peers, offers a network for service providers across the Internet to communicate about cyberattacks. When one member suspects a DDoS attack is occurring, it sends an alert to its peers so they can prevent the attack from spreading and assist in shutting it down. Most of the peer groups that are piloting the tech already have relationships with one another, such as university consortiums, Chapman said. Wick stated that he believes Galois’ collaborative network can scale to as many as want to join.
Dan Massey, a program manager within S&T’s Cyber Security Division, said that DDoS Defense for a Community of Peers offers a collaborative network similar to the ones on which adversaries thrive.
“A big motivation from DHS’s standpoint is that the bad guys are already collaborating. They’re very good at exploiting the Internet,” Massey said in an interview with MeriTalk. “Now, it’s more of a fair fight.”
Galois’ partnership began in September 2015, when S&T awarded eight contracts totaling $14 million to organizations that specialize in technologies to defend against DDoS attacks. S&T’s three-year partnership with Galois is more than halfway complete, Massey said. He said the network should be on the market in the next few months.
Jem Berkes, senior engineer at Galois, said the tool is an opportunity for big providers to get a head start on DDoS defense.
“This project is one of several related efforts. The similarity is ‘How do we help the good guys against the adversaries?’ ” Massey said. “This is tech that is at a mature stage.”