The national anti-DDoS coalition came into being in 2018 as an initiative to enable organisations from different sectors to work together in the fight against DDoS. The members of the coalition share knowledge and collaborate in ongoing research projects. In this way, the participating organisations form a united front in the fight against DDoS. The national Anti-DDoS coalition is a joint initiative of the following parties: AMS-IX, KPN, Police, SURF, DNB, SIDN, Nationaal Cyber Security Centrum, Betaalvereniging Nederland, Universiteit Twente, NL-ix, Belastingdienst, Agentschap Telecom, Stichting Digitale Infrastructuur Nederland, Stichting NBIP, VodafoneZiggo and VNO-NCW.

Six working groups

Each working group deals with a specific theme around DDoS. Specialists from different organisations participate in each working group. Companies and organisations benefit from the clustering of knowledge in the various working groups in the field of DDoS mitigation.

Working Group Legal Affairs

The working group has a supporting role to the other working groups and handles legal issues during the plenary consultation. Drawing up legal documents and advising on possible legal risks are also part of the job description. The working group acts as a sparring partner for the members of the coalition. Sharing knowledge and exchanging information is of paramount importance to the Legal Affairs working group.

Working group Communication and Visibility

The working group Communication and Visibility aims to communicate information from the working groups through the channels of the participating parties. This working group will also stimulate as much as possible all processes concerning communication within and between the other working groups. This working group will also take initiatives to improve visibility and communication on the subject of DDoS.

Working group Clearing House

The objective of the Clearing House Working Group is to run a pilot with the DDoS Clearing House, a technical system that enables members of the Dutch Anti-DDoS Coalition to continually and automatically share descriptions of DDoS attacks that they handled in the form of so-called “DDoS fingerprints”. This widens members’ view on the DDoS attack landscape and enables them to proactively prepare their networks for a particular DDoS attack before it might actually hit them, which reduces the probability of system outages and increases the availability of services for customers and users. The development of the DDoS Clearing House takes place in the H2020 project CONCORDIA and is being coordinated by SIDN Labs. The basic version of the Clearing House was developed at the University of Twente. The DDoS Clearing House is an extra layer of security on top of DDoS mitigation facilities that members need to have in place (e.g., DDoS scrubbing services) and does not replace the previous mitigation facilities.

The key deliverables of the Working Group are:

  • Pilot setup that enables Coalition members to experiment with the DDoS Clearing House
  • Light-weight data sharing agreement for sharing DDoS fingerprints across organizations (in collaboration with the Legal Working Group)
  • Requirements for the production environment and for further improving the clearing house software after CONCORDIA
  • Lessons learned for clearing houses elsewhere in Europe and for the CONCORDIA project

Working group Drill

The purpose of the working group Drill is to practice with DDoS attacks. The exercises will take place in collaboration with the National Response Network (NRN), a partnership that aims to collectively respond better to incidents in the area of cyber security. In this context, the various participating parties will share their resources. This will create more opportunities to deal with DDoS attacks.

Working group Cross-sector Collaboration

The objective of the working group Cross-sectoral Collaboration is to pool the knowledge of the participating parties in order to serve different sectors in the field of DDoS control. Sooner or later every sector in B2B will have to deal with DDoS attacks. Not every sector has knowledge about combating and mitigating DDoS attacks.

Working group Basic Agreements and Measures

The working group Basic Agreements and Measures will focus on identifying target groups suffering from DDoS attacks. The working group will also consider (possible) legislation that plays a role in the fight against DDoS attacks.