What can Italian ISPs learn from Dutch cooperation to stop DDoS attacks?

Cybersecurity knows no boundaries. Criminals and hackers can attack companies and individuals via the internet without any limitations. Our own research shows that DDoS attacks are becoming more sophisticated and larger. In 2019, heavy DDoS attacks were carried out in Italy, among other countries, in order to disrupt or penetrate companies and government organizations. International cooperation is needed to stop cyber attacks more effectively. An example of this is the international availability of the non-profit NaWas DDoS scrubbing centre. What can Italian ISPs learn from the Dutch approach and European cooperation to stop DDoS attacks in the future?

More, smarter and heavier

The complexity and size of DDoS attacks increased significantly in 2019 compared to 2018. Furthermore, these attacks are lasting longer and longer and are becoming both smarter and heavier. A recent example of such a smarter attack is the so-called GRE flood, in which cyber criminals target the GRE tunnel protocol in network packets. Cyber criminals are constantly looking for new vulnerabilities. They increasingly use GRE tunnels in network nodes because the often encrypted GRE traffic is more difficult to stop, concludes Octavia de Weerdt, director of the NBIP Foundation, in the report.

NaWas by NBIP is already protecting 42% of all .nl domain names against DDoS attacks with the National Scrubbing Center. NBIP was started in 2002 by and for ISPs. The NaWas also shows that collaboration is a successful method to protect providers and their customers against an increasing number of cyber attacks. An alliance of ISPs and operators of Internet Exchanges provides participants with so much more than the implementation of a single commercial security solution. NaWas is a proven, effective, best-of-breed cloud solution based on the latest technology and open standards.

Sharing knowledge and costs

Another important advantage of jointly countering cyber attacks is the sharing of all the knowledge and experience, similar to joining forces for developments within the global open source community. Sharing the costs is also an important aspect of collaboration for many ISPs, because the required investments in cyber security are increasing. The number of NaWas users has grown rapidly over the past five years because sharing the costs is much cheaper than if all ISPs had to invest in their own solutions. Recently, more and more ISPs from other European countries have also become aware of this.

Since 2019, NaWas has also been used by ISPs in Germany, Italy, Austria and the United Kingdom. By further expanding the community, all participants become stronger and the costs can be shared amongst a larger number of companies. The NaWas is a flexible, scalable platform for stopping DDoS attacks, which can easily be deployed in multiple countries. In addition to its member ISPs, NBIP also cooperates with universities that conduct scientific research into developments in the field of cyber security and with security suppliers that provide solutions and complementary services.

Collaboration with IT.Gate

The NaWas ‘washes’ the DDoS traffic clean and only sends clean traffic back to the NaWas participant via a separate VLAN (currently via AMS-IX or NL-IX). In this way, systems and services remain available and the DDoS attack is rendered harmless. Through partnerships with IT.Gate and others, the same solution can also be used on a non-profit basis in Italy. With exchanges in Milan, Rome and Turin, this is an important partnership to better secure the Internet for all Italian ISPs and their customers. Like other NaWas users, ISPs in Italy also need a proven cost-effective anti-DDoS solution and the sharing of knowledge and experience.

Additional security services

New international partners of NBIP can initially use the existing NaWas solution via the internet in an easily accessible way and gain practical experience for their customers. Depending on the developments, it is also possible to invest in a local scrubbing center together with interested partners. Based on the same strategy of sharing knowledge, experience and costs, NBIP also develops additional security services. Some examples are DDoS detection-as-a-service (DaaS), DDoS testing-as-a-service (TaaS) and a web application firewall. International partners can of course also benefit from this in a cost-efficient way.

NBIP is currently working with other players in the market, government and educational organizations on a broad anti-DDoS coalition. One of the most important objectives is the creation of a shared central DDoS database to characterize DDoS attacks, enabling all parties involved to protect themselves proactively. This so-called Clearinghouse DDoSDB will soon be available as an extension to the existing DDoS security of ISPs.

Frank Dupker, European Network Manager, NaWas by NBIP