Fanning the flames: "Cyberattacks could have been mitigated"
Before I say anything else, let me just say that security expert John Bumgarner doesn't really know what he's talking about.
I should start at the beginning. The context here is the recent DDoS attacks against South Korean and US targets. Bumgarner is one of the people given the opportunity for public comment by the news media, particularly here:
“Large banks in the United States have great relationships with service providers, so why doesn’t the U.S. government have a good relationship with their service providers to ensure that they can quickly turn the spigot off?” asked John Bumgarner, research director for security technology at the U.S. Cyber Consequences Unit, an independent research institute.
Good question. The answer is: they do.
Could those relationships and information sharing to respond to incidents of this nature be improved? Sure. That will always be true; it doesn't take a security expert to realize that. Did response and mitigation of the attacks benefit from collaborative relationships between the public and private sectors, and within private sector organizations? Yes, absolutely.
I'm not sure if Bumgarner realizes how complex DDoS attacks are. They aren't extremely complicated, but they aren't a matter of calling up Joe ISP and saying "turn off this bad guy, they are giving us packet love". The list of bad guys - actually compromised PCs sitting in consumers' living rooms and offices - is large, the ISPs providing them access are many, and they don't just live in the US. They are all over the place. They are your neighbour next door, they are relatives in other countries, they are students' PCs in inadequately controlled academic networks (my sympathies go out to anyone given responsibility for an academic network without the authority to actually deliver). The weapons used by faceless kiddies and/or government sponsored uberhaX0rs are distributed, and hard to track down in many cases. The phrase "whack a mole" is often used in the industry. Think about what that implies.
So, in short: Mr. Bumgarner, you have a lot to learn about how things actually work with regard to government and ISP cooperation. If and when you find out how things actually do work today, I suspect you will regret the quotes attributed to you by FederalComputerWeek.
(I found this story originally care of Infosecnews)
Cyberattacks could have been mitigated - InfoSec News: Cyberattacks could have been mitigated: http://fcw.com/articles/2009/07/13/week-cyberattacks.aspx
By Ben Bain
FCW.com
July 09, 2009
Agencies and their service providers need better coordination to quickly
stop the type of cyberattacks that recently targeted government Web
sites, security experts say. [...] [InfoSec News Mailing List]
- Chris's blog

