The FCC Has A Plan To Stop DDoS. And It Wants To Keep It A Secret


The FCC is planning to do something to protect its security systems from further DDoS attacks. But it doesn’t want to share details with anyone.

DDoS attacks are troubling everyone and everywhere.

So it is about time that the Federal Communications Commission has decided to do something about the rampant increase in the frequency of major DDoS attacks.

What’s the FCC’s plan?

Well, according to the FCC, the plan will essentially try to prevent future DDoS attacks.

Okay. That’s great, but we already knew that.

But what is the plan?

Sorry.

FCC doesn’t want to tell you.

Or anyone else.

More specifically, the Federal Communications Commission said that it would not reveal any technical details.

Why?

Because doing so may undermine the integrity of the FCC’s system security.

FCC And The Congress

Chances are that the Federal Communications Commission already has a master plan to fight against future DDoS attacks.

But it doesn’t plan on telling anyone about its plan.

How do we know that?

Because this is exactly what the FCC told Congress members.

The FCC told the Congress that the organization would not disclose how it had planned to stop DDoS attacks in the future.

The Federal Communications Commission talked to the Congress via the public comment system, if that makes any difference.

The May 8 Incident


Everybody knows that the FCC has come under a lot of criticism from the public for its recent proceedings.

Most of you probably know that on May 8, 2017, something (probably hackers) disrupted the website for the public comments system.

People tried to submit their comments on FCC Chairman Ajit Pai’s upcoming plans regarding dismantling all present net neutrality rules, but couldn’t.

It turns out that Democratic lawmakers along with the FCC’s Chairman Ajit Pai have actually exchanged letters with each other on the issue.

According to an official FCC statement:

people could not submit their comments on Ajit’s plans because hackers had got to the FCC’s official website with the use of DDoS attacks.

Okay, that sounds horrible.

The obvious next question is, “Did the FCC do something about the situation?”

Not much.

Even if it did, it certainly isn’t telling anyone about it.

The Federal Communications Commission has not revealed much information about what the organization is doing in order to ensure that there are no future DDoS attacks of this nature.

But the Federal Communications Commission did say (in the form of a letter about a month ago) that the organization had its members researching supplementary solutions in order to protect and safeguard the public comment system.

More Questions For Ajit Pai

At least we now know that some folks are paying attention to what Ajit Pai is saying and doing.

Democratic leaders of the House Commerce and Oversight committees asked the FCC chairman about the organization’s supplementary solutions that Ajit talked about.

Just as before, neither Ajit Pai nor anyone else from the organization bothered to furnish them with much detail.

In other words, they gave an empty response.

The Federal Communications Commission chief information officer said that the Commission’s electronic online public comment filing system was a sensitive service.

And that the nature of the cyber threats it faced meant that the organization could not provide details about those additional solutions because they would undermine the organization’s system security.

Hence, the FCC would not provide anyone with the specific roadmap it has planned as a part of its additional solutions strategy.

Moreover, the information officer said that the Federal Communications Commission’s Information Technology staff had done their best to work with the different commercial cloud service providers in order to implement the best internet-based online solutions.

This would also help the FCC to limit and restrict the amount of damage and disruption that a bot-related online activity could cause in the future.

And No, The FCC Did Not Talk About Any Hardware Either


DDoS attack or not DDoS attack, the commission is not going to tell you anything.

Why?

Because, according to the FCC:

that would also undermine the organization’s system security.

The chief information officer had a couple more exchanges with the various US lawmakers.

The conversation proceeded mainly in the form of questions where lawmakers directed their questions toward the FCC chairman.

The chief information officer answered those questions.

He also sent a letter from FCC Chairman Ajit Pai to representatives such as:

  • Elijah Cummings, who is a Democrat from Maryland
  • Frank Pallone Jr., who is a Democrat from New Jersey
  • Mike Doyle, who is a Democrat from Colorado
  • Robin Kelly, who is a Democrat from Illinois
  • Gerald Connolly, who is a Democrat from Virginia

Media reports published on various news sites have also confirmed that Ajit’s letter to these Democrats was dated July 21st.

The FCC posted the letter on its official website on July 28.

The US lawmakers also asked the chief information officer questions regarding the hardware resources that the organization committed in order to improve the public comment system’s real uptime.

In an answer to those questions, the chief information officer again pointed out that the FCC had decided to not reveal any specific details about their new plan because it could lead to the undermining of the FCC’s security.

FCC Official Response

The FCC, in an official statement, said that the Federal Communications Commission’s Electronic Comment Filing System had a cloud-based architecture.

The FCC also said that their commercial partners actually provided the hardware resources for their Comment Filing System.

Moreover, the FCC statement said, the organization could not provide the specific roadmap of the organization’s work because that would undermine their system security.

However, the statement read, the FCC would like to state that:

The IT staff had notified and informed the organization’s cloud service providers their need to have appropriate hardware resources.

The FCC statement ended by stating that the FCC needed sufficient hardware support in order to accommodate and manage high-profile proceedings.

The FCC Has Denied Multiple Public Record Requests

But why?

Let’s try our best to find that out.

Recent media reports say that the Federal Communications Commission had refused several FOIA, or Freedom of Information Act, requests.

The requests mainly pertained to the FCC’s response that it could not reveal many details about recent DDoS attacks.

News sources say that the FCC denied a specific Freedom of Information Act request that Ars Technica sent to the FCC a little while ago.

The FCC, back then, said that the organization could not reveal any related emails or other forms of communication records that related to the DDoS attacks.

The reason?

According to the FCC, the organization had an ongoing and internal investigation.

And hence could not comment on the recent DDoS attacks.

The FCC also said that if the organization released the records that related to the DDoS attacks, then that would interfere with and impede that internal investigation.

This is what the FCC told representatives from Ars Technica.

It turns out that Gizmodo had also sent the FCC a Freedom of Information Act request.

The FCC denied that too.

In a way.

In other words, the FCC told Gizmodo that the organization’s initial analysis regarding the DDoS attack had actually stemmed from the real time feedback and observation by the FCC’s IT personnel.

The FCC also said that the organization’s initial analysis did not conclude with a written documentation.

And hence they couldn’t provide the information Gizmodo had asked for.

Kevin Collier

Kevin Collier, who is a freelance journalist, had actually filed a lawsuit against the Federal Communications Commission.

He alleged that the Federal Communications Commission did not comply with the Freedom of Information Act requests that related to the alleged Distributed Denial of Service (DDoS) attack.

Moreover, Kevin had also alleged that astroturfers had actually generated the FCC’s recent analysis of the anti-net neutrality comments.

Where Are The Law Enforcement Agencies? And Where Is That Investigation?


Moreover, the CIO of the organization says that its IT team did not consider the DDoS attack as big enough to report.

Till now, no media source has reported any law enforcement agencies getting involved in the Federal Communications Commission’s ongoing internal investigation.

Why?

Because some law enforcement agencies think that the DDoS attacks on FCC’s official website had no significance.

Or didn’t have the right amount of significance.

The FCC said in a letter the organization sent to House Democrats that the Federal Communications Commission had consulted with the Federal Bureau of Investigation following the DDoS attack incident.

And both parties agreed that the DDoS attack on FCC’s official website did not qualify as a significant cyber attack.

In the same letter, the FCC also said that Presidential Policy Directive-41, or PPD-41, had contained the same definition of a significant cyber attack.

And hence both parties could find no inconsistency with their agreement.

Perhaps, this is a good time to mention that the Federal Communications Commission did not inform the Congress of these recent DDoS attacks.

But that is only true if we are considering the process that is outlined under the Federal Information Security Management Act, or FISMA.

The Federal Communications Commission did provide the necessary background information to a Congressional committee office though.

The FCC letter also explained that the organization did not provide any Federal Information Security Management Act based notification to the Congress.

The reason?

As we have mentioned before, the FCC had determined that the recent DDoS attack did not qualify as a major incident under the definition set by the Office of Management and Budget or OMB.

And since the DDoS attack did not meet the required criteria, the FCC did not deem it necessary to report the DDoS attack incident to the Congress under Office of Management and Budget Federal Information Security Management Act guidelines.

Ajit Pai’s Response

Ajit Pai, the Chairman of the Federal Communications Commission, told the House Democrats that they should trust him.

And that the FCC had the DDoS attack situation under control.

Pai wrote in an official statement that the docket now contained slightly more than ten million comments in total.

This, according to Pai:

demonstrated that the FCC’s processes facilitated the widespread and massive public participation in the organization’s proceedings.

Although Ajit did say that he could not guarantee that the FCC would not face more attempts from hackers to disrupt their systems.

He said that the FCC staff had constantly monitored and reviewed the recent situation.

The staff at the FCC also worked hard to ensure that everyone who wanted to comment on the Federal Communications Commission’s proceeding would get the opportunity to do so without any difficulties or delays.

What Do The People Think?

We’re quite sure that some people in the media think that this is just a conspiracy by the Federal Communications Commission to hide its anti-hacking plan.

Some think that the FCC’s plan actually requires some form of secrecy in order to reach its completion (read: successful) stage.

And that the media had already exposed the fact that the Federal Communications Commission tried to hide information about the DDoS attack.

Some believe that the FCC is straight up lying when it says that the recent DDoS attacks did not qualify as significant enough hacking events.  

Of course, such actions would give rise to a lack of trust in the people from the FCC.

And some have already started to question the authenticity of whatever FCC representatives say to the media.

Some also say that Pai, since taking over the office, has not even tried to tell the full story to the public for a variety of reasons.

Others believe that isn’t the case.

And that Ajit always had this inclination to make stuff up in order to hide something he did not want to make public.

The only problem is that Ajit is now the Chairman of the Federal Communications Commission.

And that means he now carries the weight of the whole Republican majority behind him.

Conclusion

Ajit along with the FCC should make more efforts in order to form a bond of trust between the public and the organization.

Otherwise, the FCC and its actions will only attract more scrutiny from certain sections of the media.

The FCC should also try to entertain more Freedom of Information Act requests.

It should ensure that people are able to utilize the public comments system in order to voice their opinion.

What do you think about the whole situation?

Do you think that the FCC is trying to hide something from the public?

Do you believe that Ajit has not provided enough in his answers to the House Democrats?

If the FCC indeed has a plan against future DDoS attacks, why is it hesitant to publicize the details of the plan?

Do let us know your thoughts by using the comments section below.

We here, at Security Gladiators, work very hard to bring you the very best of information and technology.

If you feel that our reports add something to your daily lives then consider subscribing to our news site.

 

By Zohair