Recent DDoS attacks in the Netherlands, targeting banks, the airline KLM and the governmental identity management platform DigiD – each causing substantial financial losses – go to show how much society has come to depend on the internet, and how vulnerable vital websites and services are to this kind of attack, which, technologically speaking, could be organised by nearly anyone with an internet connection. But it wouldn’t solve anything to authorise the police to ‘hack them back’, as minister Opstelten (Dutch minister of security and justice) proposed last week. That would just be the next chapter in a cat and mouse game: the attackers too are working on improving their methods. It might even cause the Netherlands to fall victim to online attacks more often, because this proposed police hacking could be taken as provocation by the hacking community. So should we just accept this vulnerability in our society and put up with vital services being down regularly, or should we look for a different kind of solution?
To stop disruption from foreign DDoS attacks, we should set up a ‘national internet’, to which indispensable websites and services like DigiD and online banking could connect as a backup system. This national internet should be directly connected to Dutch internet providers, like XS4ALL, Ziggo and KPN. Foreign internet connections – which is where most DDoS attacks originate from – will not be connected to the national backup internet. This way, the vital websites and services would normally still be available around the world, but in case of (severe) DDoS attacks, the damage would be limited to our national borders, which would mean far less disruption and losses. Just creating a national backup like that would already make Dutch targets less appealing for cyber criminals due to their limited impact.
Finding the perpetrators
Of course, DDoS attacks could still occur inside the Dutch network, but they wouldn’t as quickly assume the same magnitude as an international attack, and most importantly they would also be easier to investigate and then block. While the trail law enforcement has to follow to find the perpetrators now often ends at the national border, in the event of an attack from inside the country it’s often feasible to physically locate the computers that were used and investigate how they factored into the attack. And find the perpetrators.
With a national internet, it’s possible to use an intelligent warning system, which automatically stops sudden attacks to vital services as much as possible, working together with the connected Dutch internet providers. This system could also be used to generate anonymous statistical data, yielding an up-to-date threat overview, not just for law enforcement but also particularly for companies and organisations, which are now in the dark about these recent attacks and don’t really know whether and how they should arm themselves. By gathering attack data for all vital services, linking them and distributing them, it should become possible to more quickly report attacks targeting more than one vital website at once, but also to counteract attacks by taking security decisions based on this information. Furthermore, researchers should be able to use these data when researching better protection methods.
Link protected networks
There doesn’t seem to be any alternative: it isn’t feasible to have every Dutch organisation purchase top-of-the-range DDoS protection, or to always deflect every attack manually. A ‘national firewall’ that could completely isolate the Dutch internet from the outside world is not an option. That would not only go against the open nature of the internet, but it should also be out of the question from a principled point of view, considering that in theory this would enable mass censorship ó which is already happening with similar systems in e.g. China.
Vital services in all member states of the European Union should work on similar networks, so that these national ‘safe’ networks could be connected to one another in the future. This would create a safer, more stable internet that enables local authorities to more quickly locate and stop attacks. A safe haven, remaining stable and available within its borders even in the face of the most severe worldwide cyber attacks, making vital services less interesting targets for digital troublemakers, and maybe even for serious criminals too: they’d have better things to do. And for countries with no safe internet, ‘safe’ connections could be arranged for places like embassies. If you can’t beat them, just keep them out for now.