Session Abstract

The Director of the NSA recently commented that in cyberspace it is (a) difficult to deliver an effective response if the attackers identity isn't known, and (b) it is unclear if the government's response to cyber threats and attacks has deterred criminals, terrorists or nations. In a seperate inquiry, the National Research Council asked, "How and to what extent, if at all, is deterrence applicable to cyberattacks on private companies (especially those that manage U.S. critical infrastructure)?"

There is at least one successful example of non-governmental threat attribution, containment and deterrence, namely Spamhaus's global anti-spam efforts as used by over 1.4 billion people worldwide, including many Internet2-connected sites.

In this case study, we'll describe how Spamhaus addresses issues such as dynamic IP addresses and misuse of botted hosts, and some of the lessons we can take away from their successful efforts to tame at least one application in cyber space.