Slashdot Mirror
FCC Says Its Specific Plan To Stop DDoS Attacks Must Remain Secret (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: FCC Chairman Ajit Pai and Democratic lawmakers have been exchanging letters about a May 8 incident in which the public comments website was disrupted while many people were trying to file comments on Pai's plan to dismantle net neutrality rules. The FCC says it was hit by DDoS attacks. The commission hasn't revealed much about what it's doing to prevent future attacks, but it said in a letter last month that it was researching "additional solutions" to protect the comment system. Democratic Leaders of the House Commerce and Oversight committees then asked Pai what those additional solutions are, but they didn't get much detail in return.
"Given the ongoing nature of the threats to disrupt the Commission's electronic comment ling system, it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred," the FCC chief information officer wrote. "However, we can state that the FCC's IT staff has worked with commercial cloud providers to implement Internetbased solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs." The CIO's answers to lawmakers' questions were sent along with a letter from Pai to Reps. Frank Pallone, Jr. (D-N.J.), Elijah Cummings (D-Md.), Mike Doyle (D-Penn.), DeGette (D-Colo.), Robin Kelly (D-Ill.), and Gerald Connolly (D-Va.). The letter is dated July 21, and it was posted to the FCC's website on July 28.
"Given the ongoing nature of the threats to disrupt the Commission's electronic comment ling system, it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred," the FCC chief information officer wrote. "However, we can state that the FCC's IT staff has worked with commercial cloud providers to implement Internetbased solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs." The CIO's answers to lawmakers' questions were sent along with a letter from Pai to Reps. Frank Pallone, Jr. (D-N.J.), Elijah Cummings (D-Md.), Mike Doyle (D-Penn.), DeGette (D-Colo.), Robin Kelly (D-Ill.), and Gerald Connolly (D-Va.). The letter is dated July 21, and it was posted to the FCC's website on July 28.
It was in a drawer next to Trump's plan to defeat ISIS. More details to follow.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
After all, unvetted encryption and security have never failed. And the best security is obscurity!
I know all of you are concerned about Net Neutrality and would like to submit your claims on our site, but someone decided to attack us when you visited our site. Oh, you want evidence of the hack? Sorry, we cannot provide that. But rest assured, it will be prevented in the future. Oh, you want to know how we will prevent it? Well, that's a secret too. Oh, you don't think it actually happened? No, it did. Don't worry.
There was never a DDOS attack. It was a delibarate attemps by the FCC to silence the critics of its plan to kill net neutrality.
Step #1: Listen to the American public and industry leaders and SUPPORT NET NEUTRALITY.
Expect my consultation bill in the mail, Mr. Pai.
Even with the ancient adages about "security via obscurity", one does not wisely broadcast details about the security systems one is using. It's called "infosec", or more broadly, "opsec".
Then again, it ican be just as important to keep the fact that there is no plan a secret.
We have had many plans that were bragged about by the party of the moral high ground turn out to be no plan at all. OBlamacare repeal, the Freedom Jesuscare health act, and everything Don for Life has ever promised. If the model is followed, it involves shutting the computer off and not much more.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.