CISA Releases Guidance on Adopting DDoS Mitigations
The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations. DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible.

Meant to help federal agencies prevent “large-scale volumetric attacks against web services”, CISA’s new guidance (PDF) shares details on prioritizing DDoS mitigations depending on mission and reputational impact, and describes various DDoS mitigation services to help agencies make informed procurement decisions. The guide, however, focuses only on DDoS attacks that target websites and related web services with the aim of denying users access to them.

According to CISA, before deciding which type of DDoS mitigation to adopt, federal agencies should make an inventory of agency-owned or -operated web services, and then analyze the impact a DDoS attack would have on those services.