Defense Dept. Seeks Cyberattack Protection

The Department of Defense is looking for new ways to protect its sensitive but unclassified network against distributed denial of service (DDOS) attacks, the same type of cyberattacks that took aim at several federal government Web sites last week.

The main Web site of the Department of Defense and the Web site of U.S. Armed Forces in Korea were both targets of last week's distributed denial of service attacks, according to a list of targeted sites compiled by Verisign iDefense.

The Department of Defense is looking to replace a five-year old system from a commercial vendor that, despite its effectiveness in keeping those sites online last week, is nonetheless "showing its age" and is ready to be replaced, according to a Defense Information Systems Agency spokesman.

"The Department of Defense gets nailed with scans hundreds of times each day, and when you're this big or lucrative a target, you tend to take threats more seriously," the spokesman said.

In a request for information posted online Monday, the DISA said it was looking for a product that could detect and react to DDOS attacks, and in the course of doing so also enable the Department of Defense to monitor traffic crossing back and forth from the Internet to the Non-Classified Internet Protocol Network (NIPRNet), the Department of Defense's unclassified network.

DISA is looking for a system that would monitor inbound and outbound traffic at 11 Internet gateways, identifying anomalous traffic and informing DDOS events within five minutes of the start of the attack. The volume of traffic that would have to be handled by such a system is enormous: DISA estimates current traffic rates at 80 million flows per hour inbound and 35 million flows per hour outbound at the most heavily used circuits.

InformationWeek has published an in-depth report on leading-edge government IT -- and how the technology involved may end up inside your business. Download the report here (registration required).