Distributed Denial of Service (DDOS) attacks flood a target website with multiple requests for service. This overloads the server, rendering it slow or unable to process requests. As a result, the website and the business that depends on it come to a halt.
Different types of DDOS attacks exist, including:
- Application Layer Attack: exhausts the website’s resources to disrupt or deny access to it or its services.
- Protocol Attack: targets the networking layer of the target systems to overwhelm the core networking services, firewall, or load balancer that forwards requests to the website.
- Volumetric Attack: uses botnets to generate a huge surge of traffic and clog up the website’s system.
DDOS attacks are evolving, and their destructive powers have increased over time. According to a Kaspersky report, DDOS attacks cost small businesses around $120,000. For enterprises, that number is around $2,000,000.
As a result, governments are passing laws and improving cybersecurity standards for websites around the world. Below, we discuss such laws and what authorities are doing to combat DDOS attacks.
What the Law Says
The following is a rundown of laws governing cybersecurity and DDOS attacks in major countries in the world.
Canada
Canadian laws aim to protect information systems and computer networks from breaches and attacks, which include unauthorized access to protected information, malware, viruses, worms, and, of course, DDOS attacks. Both statutes and common law govern cybersecurity and data protection in Canada.
DDOS attacks carry a maximum penalty of 10 years in prison. If the attack is deemed to be a threat to national security, the perpetrator can be charged with cyberterrorism and given a maximum penalty of life in prison.
The US
In the US, DDOS attacks are punishable with 10 years in prison and a $500,000 fine under the Federal Computer Fraud and Abuse Act. Being a co-conspirator can lead to five years in prison and a $250,000 fine.
However, these punishments only apply to attacks carried out without permission. Certain DDOS attack tests are allowed as long as they’re conducted in a controlled manner by professionals, with the consent and knowledge of the client.
Such tests are conducted in a manner that safeguards the business from irreparable damage. Multiple fail-safes are also required so that a test can be stopped immediately if necessary.
The UK
The UK has similar laws against DDOS attacks. Under the Computer Misuse Act of 1990, it’s illegal to deliberately disrupt the operation of a computer or prevent access to a program or data. Under this act, it’s also illegal to create, supply, or obtain stresser or booter devices that facilitate DDOS attacks.
Moreover, this act has been “updated” through the Police and Justice Act of 2006. The 2006 act expands the provisions and criminalizes unauthorized acts against a computer carried out with malicious intent. It also increases the penalty for unauthorized access from six months to two years of imprisonment.
Australia
In Australia, the Criminal Code Act of 1995 criminalizes cybercrime and is applied universally to various cybersecurity-related crimes, such as phishing, ransomware, identity theft, and DDOS attacks.
Under this law, any “unauthorized impairment of electronic communication” is an offense. That is, it’s illegal to deliberately impair any electronic communication to or from a computer without any authorization. The maximum penalty for such an offense is 10 years’ imprisonment.
China
China has a highly developed internet system, making it a key market for IT-related businesses that do almost everything online. On top of that, China is no exception when it comes to cybercrime attacks, including DDOS, which is the most common security attack in the country.
Given that, the Asian country also has some of the most stringent cybersecurity laws around the world. Certain websites are blocked in China, and all websites must have valid ICP licenses.
Under China’s Criminal Law, DDOS attacks are punishable by five years’ imprisonment as well as administrative penalties. Detention is also a common punishment for violations of national laws, which include the Public Security Administration Punishments Law and Cybersecurity Law.
How to Prevent DDOS Attacks
Although DDOS attacks have been evolving, techniques for preventing them have also been improving. The following are some of the ways you can reinforce your network security and avoid DDOS attacks:
- Understanding of Warning Signs: while network slowdown, spotty connectivity, and intermittent shutdowns are common among networks, they’re also signs observed during DDOS attacks. Know when your network is experiencing normal errors versus when it’s suffering from something more serious.
- Developing a DDOS Response Plan: this is a plan on the first steps you’ll take when responding to a malicious attack. Make a system checklist, form a response team, define procedures, and ensure everybody knows who to contact for what.
- Secure Network Infrastructure: this includes threat management systems that combine firewalls, anti-spam, VPNs, and other layers of DDOS defense tools. Make sure your systems are up to date because old, outdated systems come with a lot of loopholes.
- Maintain Strong Architecture: create redundant network resources so that if a server is attacked, others can handle the extra network traffic. If possible, your servers should be located in different places.
- Use the Cloud: using outsourced, cloud-based service providers gives you more bandwidth and resources to counter a DDOS attack. Cloud-based apps can absorb harmful traffic before it reaches its destination. At the same time, outsourced providers often hire software engineers solely to monitor new and leading DDOS tactics.
- Practice Basic Security Measures: this involves allowing as little user error as possible and engaging in strong security practices. These measures can be as simple as regularly changing complex passwords, employing anti-phishing methods, and using firewalls that permit little outside traffic.
Overall, DDOS attacks impair your processes and your network’s service. Legislation around the world is tough on such crimes, with punishments ranging from life imprisonment to hefty fines.
These laws are meant to deter attackers, but you can also take a proactive hand in defending against DDOS crimes. Strengthen your security posture and make sure that you know what laws govern the IT and cybersecurity fields in your country.
About The Author: Michael is an aspiring lawyer who likes to spend his free time researching different topics of law, especially about what is legal and what is not. He enjoys reading articles, watching documentaries, and attending lectures to become more informed about the law. He hopes that one day he will be able to use this knowledge to help people in need. Michael also has a passion for writing which led him to pursue journalism as his minor in college.
Through his studies, he has learned how to write professionally with clarity and precision. He is currently writing a novel about the life of a young lawyer who fights for justice in a world that is filled with corruption. Michael hopes to use his skills in writing and researching to pursue a career as an attorney one day. In addition, he also volunteers at legal aid clinics to gain more experience. From this volunteering experience, he has been able to help people better understand their rights and the legal system.
Michael is a dedicated individual with a passion for law and writing, and these qualities make him an excellent candidate for any legal field. He is eager to use his skillset to prove himself as a lawyer in order to contribute in making the world a better place.