DDoS attacks on public sector web services decrease public trust and general feeling of safety

Jari Kivelä, IT Security Manager, Netum

Recent events have shown that the threat landscape in cyber security is inevitably increasing. The digitalization of public services expands the attack surface, and attackers develop new tools constantly. In addition to affecting the availability of crucial public web services, compromised security damages the general sense of safety and national image.

During the past year, the web portal for public sector services in Finland, Suomi.fi, has been a target for recurring distributed denial-of-service (DDoS) attacks. The first attack caused many crucial government websites to go down for many hours. The incident received wide media attention, and the public sector was criticised for not being prepared enough for it.

Effective solutions against DDoS attacks stop malicious traffic at its origin

When the first attack on the Suomi.fi-website was underway, the operator cut all traffic abroad. As a result, Finns living abroad could not access crucial online public services. Cutting all traffic abroad is an example of the traditional way to stop a DDoS attack. It is not viable in the long run, however, because it affects all traffic.

Modern solutions against DDoS attacks stop malicious traffic in its origin country. Possible malicious traffic can be recognized based on either automatic or hands-on analysis. Solutions, such as Akamai’s Intelligent Security Edge, can recognize different DDoS attack types and find their origin. Moreover, they can slow down the malicious traffic or drop it altogether.  Meanwhile, users can access the websites in question without any problems.

Scalable solutions and ethical sustainability are important factors when modernizing public web services

The process of choosing and implementing new cyber security solutions is a challenging and lengthy one. What is more, this process has some additional characteristics when the public sector is concerned. When looking to secure the crucial online public services and to make them even easier and more reliable to use, these following four points could prove helpful:

• Make sure the acquired security solution is easy to scale.  Many government institutions still rely on old legacy systems which are often modernized by updating and adding new services one at a time. Ensuring these new solutions are scalable to meet future needs is the key to success.
• Make the reliability of the service provider a priority. Service providers who choose their customers carefully provide safer solutions. Because of that, criminal access to their tools becomes more difficult.
• Choose a service provider who is both ethically and morally sustainable. The service provider you choose can affect the public image of your organization. Therefore, it is important to find out what types of businesses they accept as customers. Do they accept gambling businesses, for example?
• Find modern services and solutions. By staying on top of the trends in cyber security solutions, you will be able to choose a solution that will serve your organization in the long term.

Better security solutions mean better web services for the general public

Cyber security solutions will have an even larger role in web service usability and reliability in the future. The more critical the service, the more attacks against it affect the general feeling of safety. By keeping the cyber security solutions modern, the public sector can offer reliable and highly usable services to the general public.

However, technology solutions alone are not enough when preparing for the fight against the ever-changing threats. Service level agreements play an important role in defining responsibility and ensuring the safety of public web services. For example, security service providers face new types of DDoS attacks daily, with no existing defences. A competent cyber security service provider can devise new defences on a very short notice and implement them quickly in a large scale.

The future of public sector web services is a hot topic at Cyber Security Nordic 2019

The prominent theme in Cyber Security Nordic 2019 event is current trends and the future of cyber security in the public sector. I’m especially looking forward to catching thought-provoking keynotes on this topic. We at Netum have a long history of collaborating with government officials and the public sector. In my experience, there is real talent and experience there that could be harnessed for the development of reliable and smooth web services for the public. This year’s event will hopefully offer us even more tools and insights to help the public sector reach this goal.

Jari Kivelä, IT Security Manager, Netum

Would you like to further discuss this topic with me? Come and meet me at Cyber Security Nordic 2019 at hall 5 stand 19. cybersecuritynordic.com

Get to know Netum better on our website www.netum.fi