Posted: July 16, 2009

On the Fourth of July, cyber attacks started targeting computers at the White House, the Pentagon and other major U.S. government agencies. The New York Stock Exchange and the South Korean government were also targets. Who and what are behind the attacks? Two experts take your questions.

Mr. or Ms. Summers of Hartford, Conn., asks:

Can computers be programmed to ignore repeated contacts from the same IP address to avoid a distributed denial-of-service attack? As government computer networks become more connected, is there a greater risk of exposing sensitive information?

Randy Sabett responds:

These are really two separate and distinct (but really good!) questions. Let's parse through each one separately. First, a common approach to dealing with DDoS attacks is to add the IP addresses of known sources of bad packets to the so-called firewall blacklists that prevent future packets from such addresses from getting through. Also, as mentioned above, the risk can be lowered by distributing the functionality of a Web site across a number of different servers, as opposed to having everything centrally located. As to the exposure of sensitive information, certainly greater interconnection increases the sources of risk, but that can be mitigated by a coordinated approach toward cybersecurity involving all stakeholders (government, business, and citizens). Greater interconnection is inevitable, so everyone must work together to solve the problem. Several recent studies have looked at this issue comprehensively and offer ideas for moving forward.
These include "Securing Cyberspace for the 44th Presidency" from the CSIS Commission on Cybersecurity for the 44th Presidency on which I served and the "Cyberspace Policy Review" that was conducted by Melissa Hathaway and her team. Both contain a number of broad policy and technology recommendations and action plans.

Rod Beckstrom responds:

To the first question, the answer is yes. Modern firewall software and Intrusion Detection Systems, or IDS, allow for detection of such patterns. However, a DDoS relies on the traffic arriving at your network or machine and not necessarily on a successful connection. Hence it is important when under DDoS to coordinate with your ISP so that they can block traffic deeper in the network. Generally, sensitive information is kept separated from the public network to provide protection from this type of attack.
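
An added example, not part of the original Q&A and not either respondent's code: a small monitor that blocklists an address after repeated contacts, and separately flags when total arrivals are high even though no single address stands out, which is the case where upstream filtering by the ISP is needed. The class name, the thresholds (20 per address and 100 overall in a 10-second window) and the sample traffic are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque

class SourceRateMonitor:
    """Sliding-window arrival counts: per source IP and for the whole link."""

    def __init__(self, window=10.0, per_ip_limit=20, total_limit=100):
        # Assumed thresholds; real values depend on the site's normal traffic.
        self.window, self.per_ip_limit, self.total_limit = window, per_ip_limit, total_limit
        self.per_ip = defaultdict(deque)   # ip -> recent arrival timestamps
        self.arrivals = deque()            # every arrival, dropped or not
        self.blocklist = set()

    def _trim(self, q, now):
        while q and q[0] <= now - self.window:
            q.popleft()

    def observe(self, ts, ip):
        # Traffic still reaches the link even when the firewall drops it.
        self.arrivals.append(ts)
        self._trim(self.arrivals, ts)
        if ip in self.blocklist:
            return "drop"
        hits = self.per_ip[ip]
        hits.append(ts)
        self._trim(hits, ts)
        if len(hits) > self.per_ip_limit:
            self.blocklist.add(ip)         # repeated contacts from one address
            return "block"
        if len(self.arrivals) > self.total_limit:
            return "escalate"              # no single source stands out
        return "allow"

def replay(events):
    """Run (timestamp, ip) events through a fresh monitor; return verdict counts and blocklist."""
    mon = SourceRateMonitor()
    verdicts = Counter(mon.observe(ts, ip) for ts, ip in events)
    return verdicts, mon.blocklist

# Constructed sample traffic (documentation address ranges, not real hosts).
single_source = [(i * 0.1, "198.51.100.7") for i in range(50)]
distributed = [(r * 3 + i * 0.01, f"203.0.113.{i + 1}")
               for r in range(3) for i in range(200)]

if __name__ == "__main__":
    for name, ev in (("single source", single_source), ("distributed", distributed)):
        verdicts, blocked = replay(ev)
        print(name, dict(verdicts), sorted(blocked))
```

In the distributed run each of the 200 addresses sends only three requests, so the blocklist stays empty while the aggregate count still crosses the limit.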