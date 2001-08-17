from the it-is-captcha-2.1 dept.
The Federal Communications Commission has told members of Congress that it won't reveal exactly how it plans to prevent future attacks on the public comment system.
FCC Chairman Ajit Pai and Democratic lawmakers have been exchanging letters about a May 8 incident in which the public comments website was disrupted while many people were trying to file comments on Pai's plan to dismantle net neutrality rules. The FCC says it was hit by DDoS attacks. The commission hasn't revealed much about what it's doing to prevent future attacks, but it said in a letter last month that it was researching "additional solutions" to protect the comment system.
[...] "Given the ongoing nature of the threats to disrupt the Commission's electronic comment ﬁling system, it would undermine our system's security to provide a speciﬁc roadmap of the additional solutions to which we have referred," the FCC chief information officer wrote. "However, we can state that the FCC's IT staff has worked with commercial cloud providers to implement Internet‐based solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs."
[...] When responding to another question about what hardware resources are being committed to improve the comment system's uptime, the CIO again said that revealing specific details would undermine the FCC's security.
[...] There are apparently no law enforcement agencies involved in the FCC's ongoing investigation because the attacks weren't significant enough. "The FCC consulted with the FBI following this incident, and it was agreed this was not a 'signiﬁcant cyber incident' consistent with the deﬁnition contained in Presidential Policy Directive-41 (PPD-41)," the FCC said in its letter to House Democrats.
[...] Pai told House Democrats to trust him that the situation is under control.
1) There never was a DDOS attack, they made it up.
2) There was one, they know how to fight it off, but the have bobble heads of the heads of the NSA in their offices and want to emulate them.
Me? I'm going for #1. If there is anything we've learned in the last 6 months it's the Trump administration are all lying sacks of shit.
Can the protection be deemed correctly done without supplying details? or is it just another trust-us(tm) scam? where it just covers up their incompetence or plan to manipulate comments?
DDoS protection shouldn't be rocket science anymore?
