Banks, governments, Internet providers and many businesses across Europe faced a massive, but simulated, distributed denial of service attack on Thursday as the European Union probes its IT infrastructure and seeks to discover ways to better cooperate and, thus, ward off attacks.
A similar exercise was held in 2010 but that one did not include banks which have joined in the 2012 simulation.
Across the United States in recent days a number of money center banks – including Bank of America, Wells Fargo and JPMorgan Chase – have suffered devastating DDoS attacks that put their websites out of useful service for some hours.
The essence of DDoS is to flood a target with extraneous requests and, in the process, put it out of action as it seeks to deal with what amounts to nonsense.
Enisa (European Network and Information Security Agency), the government entity coordinating the simulated attack, has said that 25 nations are participating in the exercise.
Neal Quinn, chief operating officer at Hollywood, Fla.-based DDoS defense firm Prolexic Technologies, said in an interview that “this kind of exercise is a good idea. It’s something we often do with our individual clients.”
Quinn indicated he “had not heard of anything similar planned for here.”
A more cynical perspective was offered by Mark Kay, onetime chief information officer at JPMorgan Chase and presently CEO at StrikeForce Technologies, a developer of IT defenses for business, who said, “Basically I see the exercise as more troublesome then useful and more for show.”
A UK security expert shared similar skepticism with the BBC: "It's a very worthy exercise but it doesn't guarantee security," Alan Woodward, a visiting professor at the University of Surrey, told the BBC. "Penetration testing assumes you will be attacked using existing techniques, but it doesn't necessarily reveal vulnerabilities you would otherwise not have known about.”
Either way, however, a fact is that on Thursday across Europe DDoS was in the headlines and that means that awareness has been raised.
