The Cybersecurity and Infrastructure Security Agency (CISA) has released new actionable guidance that focuses on mitigating volumetric distributed denial-of-service (DDoS) attacks against government websites.
The new guidance, titled “Capacity Enhancement Guide (CEG): Volumetric DDoS Against Web Services Technical Guidance,” was released on Sept. 6 and aims to help Federal Civilian Executive Branch (FCEB) leaders by keeping them informed of new mitigation techniques.
“This guide is designed to assist FCEB agencies in evaluating and mitigating the risk of volumetric DDoS attacks against their websites and related web services, including by informing investment decisions by agency leadership,” CISA said.
The guide consists of two key sections that provide guidance on the actions agencies should take to prevent such attacks.
The first section provides agencies with “guidance to prioritize DDoS mitigations based on mission and reputational impact.” It outlines four steps agencies can follow to do so, customizing them “as necessary for their own missions and operating environments.”
The second section “provides technical guidance for agencies to consider when mitigating DDoS attacks on web services,” states the guide.
“DDoS protections can vary in cost and capability, with some protections providing more coverage and guaranteed availability than others. This section compares various approaches to mitigating DDoS attacks, so agencies can select the appropriate mitigation methods,” it says.
The guide also cautions that it does not cover every type of DDoS attack.