This week, the largest cyber attack to date hit the Internet.
Spamhaus, an anti-spam company, placed Cyberbunker on its blacklist of spam-generating companies. Cyberbunker quickly retaliated with a Distributed Denial of Service (DDoS) attack, which essentially overwhelms a system with requests.
The initial attack failed to overwhelm Spamhaus and CloudFlare, a security firm hired by Spamhaus soon after the attacks began. When the DDoS attack failed, Cyberbunker widened the assault by exploiting a weakness in the Internet infrastructure. This weakness allowed the impact of the attack to be magnified 50 times by using decentralized cyber nodes around the world as a means of attacking these two companies. As a result, although only two companies were specifically targeted, the attack jammed cyber infrastructure and slowed Internet traffic worldwide.
This is not the first cyber attack to make headlines. Over the past several months, China has targeted U.S. banks and newspapers. Just last week, South Korean banks and television broadcasters were hit with a sizeable cyber attack. However, this most recent attack by Cyberbunker is not just another iteration of something that has been seen before.
The damage cyber attacks can cause is growing. While previous attacks affected only the targeted entities, this attack affected the entire Internet. But while the threat is serious, Congress needs to take the time to get this right. The President has issued an executive order on the issue that could end up causing more harm than good. In general, cyber regulation is static and harms innovation, which may ultimately lead to an overall reduction of U.S. cybersecurity.
Instead, Congress should promote private-sector innovation by creating an environment that promotes information sharing. Currently, private-sector companies may be opening themselves up to lawsuits when sharing cyber threat information. Without protection from lawsuits, companies are discouraged from sharing information that would boost national cybersecurity.
Additionally, any legislation that is enacted needs to take into account the dynamic nature of the cyber realm. The processing power of computers doubles every 18–24 months, while it takes 24–36 months to write a major regulation or rule. If legislation cannot account for this reality, we will always be playing catch-up, which would ultimately damage cybersecurity.
This most recent cyber attack is yet another example of the escalating nature of this threat. Congress needs to take thoughtful steps in crafting a dynamic solution to the unique threats the cyber realm presents.
Sarah Friesen is currently a member of the Young Leaders Program at The Heritage Foundation.