The head of of the GCHQ believes that distributed denial of service (DDoS) attacks could be eliminated completely if internet service providers (ISPs) were to completely rewrite their software and its code.
The technical director of GCHQ’s National Cyber Security Centre, Ian Levy, is already preparing to engage in talks with ISPs, such as BT, over how they could be the key to ending DDoS attacks. After the cyber attacks that occurred as a result of the Mirai malware were made public, GCHQ made it a priority to prevent further attacks that could be launched using the same measures.
In a recent interview with The Sunday Telegraph, Levy offered further details on his plan to end DDoS attacks once and for all, saying: “We think we can get to a point where we can say a UK machine can’t participate in a DDoS attack. We think that we can fix the underpinning infrastructure of the internet through implementation changes with ISPs and CSPs”.
However, according to the UK Internet Service Providers Association (ISPA), Levy is taking on a quite serious problem with a “we can fix it — it’s easy” approach that fails to highlight the complexity of the issue in its entirety.
An earlier blog post from Levy made it clear that he and the GCHQ truly believe that such a move could be successful, saying: “I’d like to be able to say that UK machines will not be able to easily participate in a scaled DDoS attack. Once we have proved this works, we intend to work with the international ISP and IX community to have similar protections built into other major exchanges to make DDoS and prefix hijacks globally much harder prospects”.
As cyber attacks have increased in scope and severity in recent years, organisations and businesses from around the world are continually looking at ways to mitigate the damage they can cause.
Levy may be examining the issue from an overly simplistic viewpoint but at least the GCHQ has recognized the danger that these attacks pose to businesses and citizens.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.